Probed a whole bunch, why?????


Phoenix22
February 14th, 2002, 08:08 PM
14 times in a few minutes........but why???
I am new to this probing stuff.........so I'll post the info from Whois........can you tell me why and why??

IANA (IANA-CBLK-RESERVED)
Internet Assigned Numbers Authority

4676 Admiralty Way, Suite 330

Marina del Rey, CA 90292-6695

US

Netname: IANA-CBLK1
Netblock: 192.168.0.0 - 192.168.255.255

Coordinator:
Internet Corporation for Assigned Names and Numbers (IANA-ARIN) res-ip@iana.org
(310) 823-9358

Domain System inverse mapping provided by:

BLACKHOLE-1.IANA.ORG 192.0.32.18
BLACKHOLE-2.IANA.ORG 192.0.32.19

These blocks are reserved for special purposes.
Please see RFC 1918 for additional information.

Record last updated on 12-Oct-2001.
Database last updated on 13-Feb-2002 19:56:13 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
*******************************************
this is from the za log file.........
ZoneAlarm Logging Client v2.6.362
Windows 98-4.10.2222- A -SP
type,date,time,source,destination,transport


FWIN,2002/02/14,16:30:53 -5:00 GMT,192.168.202.49:53,12.245.6.xxx:1388,UDP
FWIN,2002/02/14,16:30:57 -5:00 GMT,192.168.202.42:53,12.245.6.xxx:1390,UDP
FWIN,2002/02/14,16:30:57 -5:00 GMT,192.168.202.52:53,12.245.6.xxx:1391,UDP
FWIN,2002/02/14,16:31:00 -5:00 GMT,192.168.202.43:53,12.245.6.xxx:1395,UDP
FWIN,2002/02/14,16:31:00 -5:00 GMT,192.168.202.42:53,12.245.6.xxx:1396,UDP
FWIN,2002/02/14,16:31:03 -5:00 GMT,192.168.202.43:53,12.245.6.xxx:1399,UDP
FWIN,2002/02/14,16:31:04 -5:00 GMT,192.168.202.46:53,12.245.6.xxx:1400,UDP
FWIN,2002/02/14,16:31:04 -5:00 GMT,192.168.202.46:53,12.245.6.xxx:1407,UDP
FWIN,2002/02/14,16:31:07 -5:00 GMT,192.168.202.44:53,12.245.6.xxx:1411,UDP
FWIN,2002/02/14,16:31:09 -5:00 GMT,192.168.202.43:53,12.245.6.xxx:1414,UDP
FWIN,2002/02/14,16:31:13 -5:00 GMT,192.168.202.50:53,12.245.6.xxx:1416,UDP
FWIN,2002/02/14,16:31:16 -5:00 GMT,192.168.202.45:53,12.245.6.xxx:1423,UDP
FWIN,2002/02/14,16:31:23 -5:00 GMT,192.168.202.48:53,12.245.6.xxx:1426,UDP


I may be old .......but I ain't dead..............yet.....
t-you for your help, gang
& let me know what else you need..............
jd-phoenix22

Zhen-Xjell
February 15th, 2002, 12:20 AM
[It's been brought to my attention that 12.x.x.x is your IP? If this is correct, you may want to edit your IP out, and I'll edit it out of my post. I'm leaving soon, very tired and can't think. So let me just remove the IP just in case from my post.]

Phoenix22
February 15th, 2002, 10:01 AM
sure that was my ip.........but they don't last long w/attbi

Paul Wilders
February 15th, 2002, 10:27 AM
{QUOTE-> sure that was my ip.........but they don't last long w/attbi <-QUOTE}

Meaning you don't have a static IP number. Conclusion is as well, it's not your system in particular that has been targeted, but at least one IP range - probably the one from your ISP.

Probes like these occur fairly often, and can have different sources. CodeRed and Nimda are examples of this.

Since your firewall is taking care of the probes, I wouldn't worry about these incoming alerts. Time to worry when you encounter (blocked) outgoing firewall alerts, unknown to you.

regards.

paul

Phoenix22
February 15th, 2002, 10:53 AM
Paul: Thanks for clarifying that.......................i didn't think it was an issue but, what got my attention was the multiple probes.....i began to think ......oh, so you really want in my system......

Paul Wilders
February 15th, 2002, 10:59 AM
My pleasure, Phoenix22.

regards.

paul

Ron_P
February 16th, 2002, 12:18 AM
The IP is in the private range and UDP 53 is DNS. Are you on a network that runs a DNS server? If not it's probably spoofed but your FW is working :)
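
The two properties pointed out in the post above (source address in a private range, UDP source port 53) can be checked mechanically over a log in the format posted at the top of the thread. This is an added example, not part of the original thread; the function names are made up here, the first four sample lines are copied from the posted log, and the last one is constructed for contrast.

```python
import csv
import ipaddress
from collections import Counter

# The three RFC 1918 private blocks; the whois output in the thread is for 192.168.0.0/16.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Header plus four lines from the posted log (destination masked as posted).
# The final line is constructed: a public source on a non-DNS port.
SAMPLE_LOG = """\
type,date,time,source,destination,transport
FWIN,2002/02/14,16:30:53 -5:00 GMT,192.168.202.49:53,12.245.6.xxx:1388,UDP
FWIN,2002/02/14,16:30:57 -5:00 GMT,192.168.202.42:53,12.245.6.xxx:1390,UDP
FWIN,2002/02/14,16:31:00 -5:00 GMT,192.168.202.42:53,12.245.6.xxx:1396,UDP
FWIN,2002/02/14,16:31:23 -5:00 GMT,192.168.202.48:53,12.245.6.xxx:1426,UDP
FWIN,2002/02/14,16:32:10 -5:00 GMT,198.51.100.7:4021,12.245.6.xxx:137,UDP
"""

def split_endpoint(endpoint):
    # "host:port" -> (host, port); entries without a numeric port keep port=None.
    host, sep, port = endpoint.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (endpoint, None)

def is_rfc1918(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:          # masked or malformed address
        return False
    return any(addr in net for net in RFC1918)

def summarize(log_text):
    # Returns (Counter of private-range UDP/53 sources, list of all other inbound sources).
    rows = csv.DictReader(l for l in log_text.splitlines() if l.strip())
    private_dns, other = Counter(), []
    for row in rows:
        if row["type"] != "FWIN":   # only blocked inbound entries
            continue
        host, port = split_endpoint(row["source"])
        if row["transport"] == "UDP" and port == 53 and is_rfc1918(host):
            private_dns[host] += 1
        else:
            other.append(row["source"])
    return private_dns, other

if __name__ == "__main__":
    hits, rest = summarize(SAMPLE_LOG)
    for host, n in hits.most_common():
        print(f"{host}: {n} blocked UDP packet(s) from source port 53 (private range)")
    print("other inbound sources:", rest)
```

Entries that land in the second list are the ones that do not fit the private-range DNS pattern and are worth reading individually.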

Phoenix22
February 26th, 2002, 09:12 PM
Guess I was a little extra paranoid about this and have since run a test on the f/w........determined it may have been looking at my group, however, i could not be seen.........case closed......and we are stealthy.......t-you one and all....