Help - Port 80 being targeted

From: Nick (nlel@ecosse.net)
Date: 07/04/02


From: "Nick" <nlel@ecosse.net>
Date: Thu, 4 Jul 2002 12:52:54 +0100

Hi;

I have a webserver running on Port 80. The system has BlackIce Defender
IDS/Firewall and Norton AntiVirus running on it.

I also use the dns2go.com client for name resolution.

Problem;

I use the dns2go.com client connection watcher and spotted this behaviour;

I am occasionally getting multiple HTTP connections to port 80 from the same
ip address on different remote ports. The result of this is error "403.2
Access Denied to many users" when someone tries to access my webserver.

Sometimes there is 5 connections sometimes 10 but usually from a single ip
address on different remote ports. The only thing I can do is block the
remote IP address or IP address range and restart the webserver this seems
to get rid of them and the webserver is accessible again.

What could this be ? I am right in thinking its not normal behaviour (I am
using XP Pro IIS with all the latest security updates)



Relevant Pages

  • Re: Client Zugriff auf IIS
    ... dass der Client den Webserver auch erreichen kann. ... Firewall entsprechend einstellen (Port 80 freigeben). ...
    (microsoft.public.de.inetserver.iis)
  • Re: Newbie questions
    ... >> 1) Can I install a piece of firewall software which will only permit ... >> running Linux) to route requests to port 80 to MS-Windows Server? ... cash you have at your disposal, and what other network services your ... have to run a webserver for business read a book and get advice/help from ...
    (comp.security.firewalls)
  • Re: Clarification
    ... >I am writing a webserver for a class project and I need to write one ... >port in rapid succession. ... >communicating with the client is not necc. ... >If firewalls are typically set up to allow outgoing HTTP requests ...
    (comp.security.firewalls)
  • Re: Masqed client cannot access masqed server
    ... >> sharing app and the aforementionned webserver. ... but port 80 connections time out. ... The internal client looks at the destination address and its own address ... then the router no longer drops the packets (check the syslog ...
    (comp.os.linux.networking)
  • Re: [ANN] RealThinClient SDK 1.7 > build stable Clients, Servers and ISAPI extensions
    ... I executed the server exe on my hosted windows 2003 webserver to use port ... 80090 and the client can't make connection to it. ...
    (borland.public.delphi.thirdpartytools.general)