For the past week or so Outpost Pro 2.1 has logged at least one port scan attack each day. Sometimes
as many as three.

Here is a sample:

4:19:03 PM Attack Detection Report Port Scanning has been detected from 68.252.7.104 (scanned
ports:TCP (HTTP, 6129, 3127, 1025, 2745))

Under blocked connection I logged four attempts from this IP address at about the same time, all
were blocked.

These seem to be ports used by a lot of trojans and worms, however yesterday one attack showed this:

3/15/2004 9:35:24 AM Attack Detection Report Port Scanning has been detected from 68.52.181.121
(scanned ports:TCP (HTTP, 5000, 6129, 3127, 1025, 2745))

The attack always comes from a different IP address but I never noticed this happening in the past
so it bothers me that it is happening so frequently lately.

I've run TDS3 full system scan, spybot S&D, Adaware and use Nod32 as my AV updated daily. Nod did
find js/iestart trojan on my system in its daily scan a couple of days ago but this was happening
prior to and after removal of that trojan.

Is this just script kiddies or could something be hidden on my system that someone is looking for?

Should I be concerned or content knowing my firewall is doing its job?

Hey JoeyD

LOL!

I knew this looked familiar when I saw those ports you listed off, my security system drop those packets yesterday beginning 21:27, and when I looked through the today’s logs I also seen this again AND from the same IP…

No need to be concerned since you did say your Software Firewall “blocked” these, so its doing its job!