Re: port 80 access while downloading over ppp ?

To: debian-laptop@lists.debian.org
Cc:
Subject: Re: port 80 access while downloading over ppp ?
From: Blars Blarson <blarson@blars.org>
Date: Thu, 10 Jul 2003 13:18:52 -0700
Message-id: <[🔎] 200307102018.h6AKIqdv021372@renig.nat.blars.org>
In-reply-to: <[🔎] 200307101406.29932.Michael.Wordehoff@gmx.de>

In article <[🔎] 200307101406.29932.Michael.Wordehoff@gmx.de> 
Michael.Wordehoff@gmx.de writes:
>Last night i was apt downloading over a slow modem when i did notice something 
>started apache processes on my box (debian woody 3.0r1).
>Apache is started from inetd here, listening on port 80, just for local 
>document reading (like dhelp).

As others have said, it's a system infected with IIS trying to see if
it can make your IIS even more corrupt.  (Since you don't have IIS, it
won't succeed in doing anything more than anoy you.)

If you were running apache as a daemon, I'd recommend only listinging
to 127.0.0.1.  Since you are using inetd, that's not an option, so you
should filter out such attempts with iptables (or ipchains if you are
using a 2.2 kernel).  I'd use this at the appropriate place:

iptables -A INPUT -p tcp --dport 80 -s ! 127.0.0.1 -j DROP

-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden

Reply to:

References:
- port 80 access while downloading over ppp ?
  - From: mi <Michael.Wordehoff@gmx.de>

Prev by Date: AW: Debian Woody on Asus L3C
Next by Date: Re: Sid, pcmcia and NFS mounts? I'm confused
Previous by thread: Re: port 80 access while downloading over ppp ?
Next by thread: Pcmcia card going off too early
Index(es):
- Date
- Thread