Oddly, right around 5pm(PST) I noticed less and less traffic(scans at my firewall) looking for tcp port 80. At the height of today 50% of our traffic on one of our T1s was various foreign addresses looking for open http servers. This is much more then usual and at first thought to be a spoof attack, but the nodes being scanned were too random. Don't know, but most of the ips we logged turned out to be MS IIS none patched boxes. Wonder if these hits on valid http servers are counted as hits and charged to the advertisers? lol.
Oh well.
-Joe