AnsweredAssumed Answered

QID 38229 - 80 Service Stopped Responding

Question asked by ITSupport on Dec 15, 2011
Latest reply on Dec 22, 2011 by Alex Quilter


Issue: a customer has been provided a Technical Report for Payment Card Industry (PCI) which has resulted in a "non-Compliance" result.


QID 38229 - 80 Service Stopped Responding = Level 3




The service/daemon listening on the port shown stopped responding to TCP connection attempts during the scan.




The service/daemon is vulnerable to a denial of service attack.




This QID can be posted for a number of reasons (e.g., service crash, bandwidth utilization, or a device with IPS-like behavior).


If the service has crashed, report the incident to the Customer Support or your QualysGuard re-seller, and stop scanning the service's listening port until the issue is resolved.


If the issue is bandwidth related, modify the Qualys performance settings to lower the scan impact.


If you do no find any service/daemon listening on this port, it may be a dynamic port and you may ignore this report.




3 consecutive connection attempts failed after a total numer of 0 successful connections.




This customer utilises Windows SBS 2003 server which has OWA webmail published to the internet with initial HTTP header re-directed to HTTPS and no actual access on HTTP port 80 other than the re-direct facility. This connected to the internet via standard NAT/Firewall port forwarding setup through a Draytek Vigor 2800 Router, which had the Denial Of Service (DOS) feature fully enabled as such I'm requesting information as to how to resolve this issue as the noted solution in the report is not helpful/relevant in this instance.  This customer has insisted that we fix this issue so as they can keep their Credit Card Payment facility.


If a solution is not possible and this behaviour type is by design, none changeable, and of standard practice, I will require some correspondance so as to relay to the customer.