Getting port 80 attacks and Nimda Propagation... questions.

Have Norton Internet Security 2003 and Netgear 814 router running with Windows XP Pro and Comcast high speed internet. Only port 80 is open right now as I have a webserver on my machine with Apache. I got attacked just a while back from two different IP addresses. Here is what the log says:

Attempted Intrusion "Nimda_Propagation" against your machine was detected and blocked
Intruder: 68.69.247.119(4326)
Risk Level: High
Protocol: TCP
Attacked IP: redbull1(192.168.0.2).
Attacked Port: http(80)
 Click on the address to trace the attacker  

Have also been getting this popup many times a day:

Details: This one time, the user has chosen to "block" communications
Inbound TCP connection
Local address,service is (redbull1(192.168.0.2),http(80))
Remote address,service is (68.86.194.59,2628)
Process name is "C:\WEB\Apache2\bin\Apache.exe"

I know to block the Nimda attack, but what about this second one? What could it be? A few of the IP addresses are from Comcast itself. Is this normal?

Anything I should know about this Nimda attack as well?

Thanks,
Jeff

 




Asked by: jeffvb9
Pete Long, Technical Consultant, Commented:
Nimda, a sophisticated program that spreads through Web sites and e-mail, also targets personal computers. That allows it to spread faster and makes it harder to track, security experts say.

"It is persistent, and we don't see it going away," says Dan Ingevaldson, a researcher at Internet Security Systems. "The potential target is orders of magnitude larger than Code Red. Anyone who uses an Internet Explorer Web browser or e-mail is susceptible."

http://www.usatoday.com/money/tech/2001-09-26-nimba-virus.htm

Download nimda.zip (Utility and instructions, Zip file)
Download nimdasfx.exe (Utility and instructions, self-extracting Zip file)

From http://www.sophos.com/virusinfo/articles/nimda.html

To make sure you're not infected.

But by the sounds of it your machine is getting attacked from an external source and your system is protected.

The second one is a probe from these guys

Comcast Cable Communications, Inc. JUMPSTART-2 (NET-68-80-0-0-1)
                                  68.80.0.0 - 68.87.255.255
Comcast Cable Communications, Inc. PA-METRO-18 (NET-68-86-192-0-1)
                                  68.86.192.0 - 68.86.207.255

Apart from Port 80 they appear to be using

Port 2628 DICT
(TCP) Dictionary Server Protocol (DICT) as defined in http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2229.html

Pete
0

juliancrawford Commented:
If you're getting too many hits you can block the IP or subnet with IPSECPOL.
http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp
0
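An added example, not part of the original thread or any commenter's own code: a Python script that counts Nimda-style probes per source address and per /24 in an Apache access log, to help decide whether a single IP or a whole subnet is worth blocking. It assumes the log is in common log format; the marker strings are the `root.exe` and `cmd.exe` requests that Nimda's IIS scanner is known to send, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Request fragments Nimda's IIS scanner asks for; an Apache server has no such files.
NIMDA_MARKERS = ("root.exe", "cmd.exe")
# Apache common log format: client ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
198.51.100.23 - - [12/Mar/2003:10:01:02 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
198.51.100.23 - - [12/Mar/2003:10:01:03 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
198.51.100.77 - - [12/Mar/2003:10:05:40 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288
203.0.113.9 - - [12/Mar/2003:10:07:11 -0500] "GET /index.html HTTP/1.1" 200 1043
203.0.113.50 - - [12/Mar/2003:10:09:30 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302
garbage line that does not parse
"""

def nimda_probes(log_text):
    """Yield (client, status) for each request whose path contains a Nimda marker."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        client, path, status = m.group(1), m.group(2).lower(), int(m.group(3))
        if any(marker in path for marker in NIMDA_MARKERS):
            yield client, status

def summarize(log_text, prefix=24):
    """Count probes per source IP and per enclosing subnet (candidates to block)."""
    per_ip, per_net, served = Counter(), Counter(), []
    for client, status in nimda_probes(log_text):
        try:
            net = str(ip_network(f"{client}/{prefix}", strict=False))
        except ValueError:
            continue  # client logged as a hostname, not an address
        per_ip[client] += 1
        per_net[net] += 1
        if status < 400:
            served.append(client)  # probe answered without an error: investigate
    return per_ip, per_net, served

if __name__ == "__main__":
    ips, nets, served = summarize(SAMPLE_LOG)
    for net, count in nets.most_common():
        print(f"{net}: {count} probe(s)")
    print("probes answered without an error:", served or "none")
```

Requests that a firewall drops before they reach Apache never appear in the access log, so the counts cover only what the web server itself saw.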
PrashantArpana Commented:
Just download the tool known as FSNIMDA3.EXE and clean your computer with it. All your probs regarding the Nimda thing will be sorted out.

Also, to be on the safer end, do rescan your PC with some antivirus software once the tool has finished its job.

Also make sure to turn off "system restore" if you are running WinME or XP.
0
Pete Long, Technical Consultant, Commented:
Hello, this question has been open a while; please take the time to come back and clean it up.

Closing Questions
http://www.experts-exchange.com/help.jsp#hs5


Best Wishes

Pete
www.petenetlive.com
0