I keep getting my port 80 scanned. I'm not a server, just a regular home user on a cable modem. Of course, port 80 is closed, but what's the deal with that port always getting scanned?

Thanks,
orangganjil

CodeRed exploit.

Certain ports are known to use services. Obviously port 80 is for a web server, as you now know, you are not suppose to run a web server. Unless you have a business type of account for your cable provider. Here's a reference email regarding the port scan:

MrPeach writes: "In a move unsurprising to those of us who have had interactions with their so-called customer support, AT&T Broadband and Excite@Home are indefinitely filtering all incoming traffic on http port 80 for residential customers. They could have cut access to those running compromised servers, but instead chose to deny the ability to run a web server to all subscribers to their service. DSL anyone?" DSL won't save you. Verizon is apparently also blocking port 80 for their DSL customers, in addition to blocking outgoing port 25 and requiring use of Verizon's SMTP servers to send email. Verizon is also cheerfully paying fines for screwing over their competitors - the fines will be much less than the extra profit they can squeeze out once their competition is gone. :eek:

Thanks for the info. I'm not running a web server, but what are the scans looking for exactly? It gets scanned about fifteen times a day.

Later,
orangganjil

Code Red. Someone in your local subnet is probably running an infected webserver. @home is blocking port 80 farther 'out' so to speak.

I emailed @Home and got the following reply:

**DO NOT REPLY DIRECTLY TO THIS MESSAGE**
***EXCITE@HOME WILL NOT SEE ANY REPLY TO THIS MESSAGE***

Dear Subscriber",

It appears that you are reporting receiving traffic that is related to
the Code Red virus.

If you are receiving 'get' command strings from an @Home user or users,
directed at port 80, it is likely that that originating machine has been
compromised by the Code Red virus. One of the effects it has is to
cause infected machines to search for other machines that would be
exploitable. Machines that are running unpatched versions of Windows NT
Server or 2000, with a Web Server and IIS (Microsoft Index Server 2.0 or
Indexing Service in Windows 2000) are vulnerable to this exploit. If
you are NOT running this OS and services, your computer is not subject
to this particular compromise. For more information on this situation,
point your browser here:
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp http://news.excite.com/news/ap/010805/20/code-red http://news.cnet.com/news/0-1003-201-6625599-0.html

If you have are running this Operating System, Microsoft suggests that
you obtain and run the patch as soon as possible:

For Windows NT: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833

For Windows 2000: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800

The @Home Network is currently working on proactive measures to respond
to this situation. You should see this activity cease from @Home
subscribers in the near future. Thank you for your report.

The @Home Network Policy Management Team

someone needs to release a version of code red that puts a timer on your desktop warning you it will kill your pets and grandma if you don't get off your *** and patch your server! something 3d looking like virtuagirl, and very distracting.

@Home aint blockin shiznet in my neck of the woods. (Rhode Island) I have been getting scanned at least 200 times a day on the lovely port 80(closed)

I let the logs build to over 5 megs and then simply email abuse@home.com

No reply yet though

Our data lights on our cable modem lights up every few seconds. I gotta find a way to get logs from our router. To see them.

I have my logs scanned through and emailed to me. Logcheck is a lovely thing. I am attacked hourly on port 80 from this code red. Every hour everyday, a new IP gets added to my deny file. After this Code Red stops im going to have over a billion IP's in my deny file. Oh well.

I've noticed my data light flashing a lot more than usual recently. I wonder...

*runs off to check logs*

I"ve been getting hit out the wazoo as well, over 160 in 2 hours last week.

I *****ed to comcast tech support, but they're as usefull as SPAM(the food too)

Then they *****ed at me for running a web server, buncha aholes...