...or at least this is what I see in my firewall logs often (there are hundreds of these)
10/03/2009 12:53:15.288 - Possible Port Scan - Source:74.86.98.223, 56025, WAN
10/03/2009 13:42:59.176 - Possible Port Scan - Source:74.86.98.223, 56025, WAN
10/03/2009 13:59:19.320 - Possible Port Scan - Source:74.86.98.223, 56025, WAN
10/03/2009 20:15:21.400 - Probable Port Scan - Source:74.86.98.223, 56025, WAN
10/04/2009 02:12:49.848 - Ini Killer Attack Dropped - Source:74.86.98.223, 56025, WAN
10/04/2009 02:18:28.304 - Probable Port Scan - Source:74.86.98.223, 56025, WAN
So I did a trace route and it goes back to a place called softlayer.com
I did a port scan back to see if I could identify at least what was doing this and I found a terminal services port open. If I connect to that IP, I get greeted by a windows server 2003 R2 box.
Whats my best course of action at this point? I initially thought of releasing and renewing my IP from my ISP but it keeps giving me the same IP back. Should I just give them a call?
Any suggestions welcome
10/03/2009 12:53:15.288 - Possible Port Scan - Source:74.86.98.223, 56025, WAN
10/03/2009 13:42:59.176 - Possible Port Scan - Source:74.86.98.223, 56025, WAN
10/03/2009 13:59:19.320 - Possible Port Scan - Source:74.86.98.223, 56025, WAN
10/03/2009 20:15:21.400 - Probable Port Scan - Source:74.86.98.223, 56025, WAN
10/04/2009 02:12:49.848 - Ini Killer Attack Dropped - Source:74.86.98.223, 56025, WAN
10/04/2009 02:18:28.304 - Probable Port Scan - Source:74.86.98.223, 56025, WAN
So I did a trace route and it goes back to a place called softlayer.com
I did a port scan back to see if I could identify at least what was doing this and I found a terminal services port open. If I connect to that IP, I get greeted by a windows server 2003 R2 box.
Whats my best course of action at this point? I initially thought of releasing and renewing my IP from my ISP but it keeps giving me the same IP back. Should I just give them a call?
Any suggestions welcome