We are running F-secure Firewall in several departments. Several times now we have seen an intrusion warning with a source of remote address 0.0.0.0, local address 255.255.255.255. On each occasion it is an intrusion attempt with a scan range of "137 < protocol < 224", and usually it is detected on port 139. Has anyone else seen this? Any idea what is doing this and why the IPs are so generic? We are running F-Secure Client Security Premium 11.61; the affected PCs are Windows 7.
... View more