Getting port 80 attacks and Nimda Propagation... questions.
Posted on 2003-10-30
I have Norton Internet Security 2003 and a Netgear 814 router running with Windows XP Pro and Comcast high-speed internet. Only port 80 is open right now, as I have a web server on my machine with Apache. I got attacked just a while back from two different IP addresses. Here is what the log says:
Attempted Intrusion "Nimda_Propagation" against your machine was detected and blocked
Risk Level: High
Attacked IP: redbull1(192.168.0.2).
Attacked Port: http(80)
Click on the address to trace the attacker
Have also been getting this popup many times a day:
Details: This one time, the user has chosen to "block" communications
Inbound TCP connection
Local address,service is (redbull1(192.168.0.2),http(80))
Remote address,service is (18.104.22.168,2628)
Process name is "C:\WEB\Apache2\bin\Apache.exe"
I know to block the Nimda attack, but what about this second one? What could it be? A few of the IP addresses are from Comcast itself. Is this normal?
Anything I should know about this Nimda attack as well?