Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The Web Proxy service received 15 request(s) from the internet port during the past 112 seconds while internet publishing was disabled.
|English: Request a translation of the event description in plain English.|
From a newsgroup post: "It means a user with a browser or, more likely another web server is trying to connect to your default website while you machine is set to not accept the connection. The most common now-a-days is a web server infected with CodeRed (or similar) is trying to spread its infection to other web servers and has decided yours is a target. You can't do anything about them. Your options are to keep Publishing disabled so you web server continues to reject connections from the outside, or make sure you server is properly updated with the proper patches so that it is not vulnerable should you decide to enable Publishing. Personally, I would keep the patches updated either way."
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated