How do I close ports? 75 attacks on port 80 in 9 hrs.


[XEV]the Carpenter
08-05-2001, 04:43 PM
My firewall has been going off continuously !!!
It's becoming impossible to work because of Haxors !!!
Is there any way I can shut down port 80?
It seems like it's the favourite target on my OS.
Any one know what this port handles?
Any help would be much appreciated.
p.s. I've been interrupted three times in the time it took to type this !!!

------------------
I came.
I sawed.
I conquered.

Steve
08-05-2001, 07:57 PM
Hi carpenter,

There seems to be a lot of this goin' on. I'm gettin' it constantly.

Do you have ZoneAlarm? They can sometimes tell who's scannin' you.

If it's an address in the 172.xxx.xxx.xx block, it's AOL. Do you use AOL in any way? I've contacted them through an e-mail address supplied by sea69. They said sorry, no idea, not our department. A-huh.

If you use ZoneAlarm and need to get some work done, right click the ZA icon down in the right corner by the time. Click on RESTORE ZONE ALARM CONTROL CENTER. Uncheck the "show the alert pop-up window" box. Might work!

Here's a link with a real basic definition of port 80.
http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci212808,00.html

Seems harmless enough.

------------------
Peace and Love, brothers and sisters. Peace and Love

Gallaeglagh
08-05-2001, 08:20 PM
port 80 is for http, so you really need that if you wanna use your browser. If you make sure you have the latest patches for your browser you should be fine.

------------------
Sweet Intoxication

mjc
08-05-2001, 09:35 PM
Like has been said, port 80 is http, so if you really want it off, just shut down the connection... One possible explanation for the number of "hits" could just be a lousy connection, in which case if you do shut down the connection and restart it it may just clear up, and it is doubtful that anyone is actually attacking you through such an obvious port. Your firewall could also be reporting attempts by "spyware" to contact the web, in which case you may want to try running AdAware (http://www.lavasoft.de/) to find out if you are being an unwitting host for the ad industry.....

------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)

Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.

Gun Control...hitting what you aim at!

buck52
08-05-2001, 10:29 PM
Hi
Maybe this applies

I read this on another forum (reliable source)


quote:
--------------------------------------------------------------------------------
@Home has an advisory message out to all @Home cable users to expect rapid flashing of your RD light on your cable modem and an unusually large amount of hits from 24.xx.xxx.... IP addresses, which are cable IPs. They've been hit by the Code Red virus and are working to resolve it. You could see those symptoms for up to nine more days.
Just to be sure there's no confusion. If you're running W95, W98 or ME, you're not infected with the Code Red virus if you see those symptoms. You're just getting the "probes" from the infected servers.

buck



------------------
just hav'n fun

sea69
08-06-2001, 01:49 AM
interesting Steve that they should say that, considering I just passed on what they sent me:

** Postmaster Autoresponder v.20000425 **

Thank you for writing with your question, concern or comment! You are receiving this automatically generated message to notify you of a change in AOL's postmaster mailbox procedure.

We have implemented a subject scanning mechanism to aid your abuse reporting efforts. If you include any of the following tags in the subject line of your issue, your email will be auto-forwarded to the appropriate mailbox. These tags are not case-sensitive.

Tags: massmail, spam, uce, ube, unsolicited, junk, email, e-mail
Will send your issue to "tosemail1@aol.com".

Tags: usenet, newsgroup
Will send your issue to "tosusenet@aol.com".

Tags: security, harassment
Will send your issue to "tosgeneral@aol.com".

Tag: web
Will send your issue to "tosweb@aol.com".

Tag: IRC
Will send your issue to "tosirc@aol.com".


The following mailboxes remain active, in the event you wish to continue sending directly to the appropriate mailboxes, rather than send only to "abuse@aol.com" or "abuse@aol.net".

** All unsolicited email complaints ("spam mail") should be sent to "tosemail1@aol.com"

** All usenet/newsgroup abuse issues should be sent to "tosusenet@aol.com"

** All Internet security issues (hacking reports, mailbombs, denial of service attacks, port scans etc.) should be sent with all log info to TOSGeneral@aol.com

** All incidents of member harassment or threats should be sent to "TOSGeneral@aol.com"

** All reports of AOL Web pages which do not comply with AOL's Terms of Service should be forwarded to "TosWeb@aol.com"

** All reports of IRC abuse should be forwarded to "tosirc@aol.com"

** No IM abuse reports will be accepted via email. IM users (AOL members/account holders) should use the "notify AOL" button found in the bottom right corner of the IM window. AIM (the free AOL Instant Messenger client) users should utilize the "block" and "warning" features found at the bottom of the AIM window to stop abuse.

Please visit the Postmaster FAQ at http://hometown.aol.com/postmaster for:
** Questions about junk mail (abuse policy, reporting abuse, reading headers, terms of service)
** Questions about sending mail to AOL (explanations of mailer-daemon bounces, DNS errors, etc.)
** General questions about AOL's services (billing, access, technical support)

** If you are experiencing network difficulties with AOL, or are experiencing a denial of service attack for which AOL is responsible, please find aol.com's ARIN or InterNIC registration and contact our Network Operating Center.

As always, please be sure to include all pertinent header information; we can not process email abuse/usenet abuse issues without full header information.

Thanks, and have a great day!

Postmaster Team
America Online, Inc.
v20000425

hmmmmmmmmmmmm........... try abuse@aol.com or net


------------------
sea1_69@hotmail.com

homepage (http://www.seanweb1.homestead.com/3.html)




[This message has been edited by sea69 (edited 08-06-2001).]

Steve
08-07-2001, 06:22 PM
Hi Sea,

I sent my inquiry to tosgeneral@aol.com. They got back to me in just a few hours. I was impressed. Their response was don't know, not our department, we'll forward your request. Haven't heard from anyone yet. Last night I sent another e-mail to the same address. No response yet.

I see what you mean, they clearly said "tosgeneral" in the e-mail they sent you. Port scans and all. I'll see what happens.

That's a pretty good list of AOL addresses! Maybe I need to tighten up those tag lines.



------------------
Peace and Love, brothers and sisters. Peace and Love

pjungwirth
08-09-2001, 09:22 PM
quote:
--------------------------------------------------------------------------------
port 80 is for http, so you really need that if you wanna use your browser. If you make sure you have the latest patches for your browser you should be fine.


Port 80 is for HTTP, but it's the port on which an HTTP *server* listens, not the port an HTTP browser opens. Generally, servers listen on "well-defined" ports under 1024, and clients go out from high-numbered ports (>1024). The high-numbered ports are not organized by protocol; your browser just grabs whatever's available. So a packet from your browser to the PC Guide's web server would go from your.domain:15384 to www.pcguide.com:80, for example. A packet from the server to your browser would go from www.pcguide.com:80 to your.domain:15384.

To secure port 80 doesn't require staying off the web; it just requires not running your own web server. But unless you're already doing this, nothing on your computer should be listening on port 80 anyway. If something other than a web server *is* listening, you should be worried, because it's probably a trojan. (You can check open ports with netstat -a -n.) But if you're running Zone Alarm or some other port-scan-detection software, you don't have to have a port open to get notified of a scan. Just because ZA tells you it blocked a packet to port 80 doesn't mean port 80 is open.

I expect the high traffic of late on port 80 has been due to this Code Red virus and its kin. They exploit a bug in Microsoft Internet Information Server, which is a web server. It's nothing for common web surfers to worry about, though.

Hope this helps!

Paul
~{:-)
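
An added example, not part of Paul's post: a small Python script that reads `netstat -a -n` output and separates a local listener on port 80 (the case he says to worry about) from ordinary outbound browser connections to a remote port 80. The sample output, addresses and function names are constructed for illustration.

```python
# Constructed sample of Windows `netstat -a -n` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.168.1.10:15384     203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.10:15390     203.0.113.9:443        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

def parse_netstat(text):
    """Yield (proto, local, remote, state) for every TCP/UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip the banner, column header and blank lines
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state
        yield fields[0], fields[1], fields[2], state

def port_of(endpoint):
    """Return the port part of 'addr:port' ('*' for wildcard UDP peers)."""
    return endpoint.rsplit(":", 1)[1]

def classify(text, port=80):
    """Split TCP sockets touching `port` into local listeners and outbound clients."""
    listeners, outbound = [], []
    for proto, local, remote, state in parse_netstat(text):
        if proto != "TCP":
            continue
        if state.startswith("LISTEN") and port_of(local) == str(port):
            listeners.append(local)           # something on this PC is serving
        elif state == "ESTABLISHED" and port_of(remote) == str(port):
            outbound.append((local, remote))  # ordinary browsing from a high port
    return listeners, outbound

if __name__ == "__main__":
    listeners, outbound = classify(SAMPLE)
    for local in listeners:
        print("LISTENING on", local, "- identify the program that owns it")
    for local, remote in outbound:
        print("client", local, "->", remote, "(normal web traffic)")
```

A firewall alert about a blocked packet to port 80 produces no row at all here; only a program actually bound to the port shows up as a listener.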

[XEV]the Carpenter
08-12-2001, 05:48 AM
Thanks guys !
At least I know what's going on now.
Still, makes me wonder why people don't do something CONSTRUCTIVE with their free time.
Down with haxors!
p.s. I think there is a crack for ZoneAlarm out there now.
I have had several hits on my secondary firewall lately (implying to me that they have gotten past ZoneAlarm).
Anyone know more about this?

------------------
I came.
I sawed.
I conquered.

iisbob
08-12-2001, 07:45 AM
I'm on an @home account myself and when my modem went flash happy, I checked out who was scanning me - it was @home, same story as above about the virii attacks and now they're scanning for a few days to "check security". Then had to argue with the tech support who tried to tell me that the code red worm affects all W2000 users; I don't run the server app, so it doesn't affect me when I use W2000 to surf, which I rarely do, since I boot into 98 by default. God I love the tech help they get these days. You'd think they would at least hire someone with some actual knowledge of PCs.

------------------
iisbob
"Soap and education are not as sudden as a massacre, but they are more deadly in the long run."

"Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." --Albert Einstein (1879-1955)

kayofcircles
08-12-2001, 11:47 AM
Does anyone know how to turn off Norton's Internet Securities popups? My uncle in Oregon has that, and the popups are driving him nuts...not to mention making him afraid to surf at all thinking all the bogeymen are trying to get in the door. He says he can't figure out how to turn them off.