Port 80 Scan Galore!

[DIDS]

I am getting hit like crazy with Port 80 scans. Most likely due to the Code Red Worm. They are all primarily on RoadRunner. Anyone esle getting nailed alot by these scans?

[W_I_Z_K_I_D]

Yo listen Dids
i aint got no port 80 scans latelly but yeah your right...probbaly got somethin to do with code red..
Kepp my ears and eyes open bro....You might whanto check with Greed and see what port 80 is and what its used for...he has an interesting port list.....could be uselfull
lAyTa

[greEd]

port 80 is http

[Logan 5]

DIDS,

Yes I am getting hit on port 80 big time. Using ZoneLog Analyser
and it is showing them from all over the place.

Jim

[Dakota]

Nothing's getting past my router to ZAPro, but my modem lights (data and activity) are blinking just like I'm downloading a file. Been doing that all day today, but no data is coming through, and nothing to my computers except what's supposed to come through. Speed is also unaffected as I get 500—1,000-plus KB/ps at HappyPuppy. I called ATT and they have no idea what's going on either, but they have been getting a bunch of complaints on it today and they are trying to find out what's up.

[fredra]

Same here with the Port 80 scans....my router is not letting them through, but my logs are filling up and speed is adversely affected....
And it is constant...OMG...it NEVER stops....
I will have to just shut the sucker down and go watch TV
PEACE!!!!!

[Dakota]

Weird. My speed is not effected at all as I said above...

[blebs]

I think this is the full scale attack! I've got one sub 7 hit and the entire log is filled with port 80 hits. I can't clear the alert fast enough!

[MrTRiX]

I am trying to make a TPF rule so I can see them all?

Is it Port 80 on TCP Incoming? And should I set it to watch Local port 80 or remote port 80?

[blebs]

port 80 TCP incoming and I believe local. might try it both ways though.

[Zporttech]

My port 80 has also been under attack. About 200 hits yesterday (8/4).

Using @Home in Indiana.............

[Zuma]

My modem is still going nuts, but nothing is getting past the router to Tiny. Unlike BlueJetta tho my speed is horrible (40KBs at HappyPuppy) ACK!

[BadEditor]

I'm getting 'probed' alot too

Starting saturday around 11am is when I started to Notice it....

My Zonealarm is Logging around 350 port scans from Various IP addresses.....

Called Tech and They know about it....

[boobless]

same here....got close to 500 port 80 scans since yesterday. am on cox@home in RI.

@guard's not letting em through tho. most of them seem to be comming from up north...in or near canada.

[chimdogger]

The Chimdogger checking in....
My modem is possesed. Get me a preist! Port 80 scans up the buTT. Couple sub7 scans for good measure. Dont know what the deal is but I am considering a cable router. What could they be scanning for on port 80. Everybodys computer is wide open on port 80 but what are they hitting it for???? If there is an exploit for port 80 then things are going to get real interesting...

Later on,

Chimdogger out

[Juggernaut]

Originally posted by boobless
most of them seem to be comming from up north...in or near canada.

It's all a plan for us Canucks to take over

[cyberskye]

Code Red proliferates by scanning for other unpatched IIS servers. Most often these servers would be listening on tcp port 80 (http)...

I received over 500 requests yesterday - I'm on comcast@home, alexandria VA.

Most of them are coming from other hosts on the @home network all over canada and some from new england.

Speeds are down from 2400-3200 Down to about 1000. And I thought @home said they were going to start blocking inbound requests on port 80 across their network...

Skye

[fredra]

From Canada eh
We are taking over...watch out...lol
PEACE!!!!