Random ports being scanned

Since using Peerguardian for a while, I have noticed lately that my IP block list shows blocked connections to different ports on my router, seemingly at random but ranging from ports 1000-5000. These port scans seem to come from different IP ranges but tend to be organized, moving up in succession even though the source IP is from a different range.

Companies assigned to the IP ranges,

Time Warner Telecom
Time Warner Telecom, Inc
Emirates Telecommunications Corporation
Private Customer - SBC Internet Services
MERCURY-INTERACTIVE
Epoch Internet
NETSENTRY -Net Sentry Corp
IBM Globel Services India
Technical Chamber of Greece
OC3 Networks & Web Solutions, LLC

There is more but this is only the ones I sampled in the last 20 minutes. So what happens if they find an open port?

 

anyone?

 

Hi chrisdab,

Are you using a P2P or torrent client?
Please confirm the direction of the blocked connections, also are these showing in the peergaurdian log or the router log.

 

Hello,
If you're using P2P, you'll get millions of these daily... that's exactly what PG is supposed to do. BTW, don't confuse remote port and local port.
Mrk

 

These are logs off of PG and I do check to make sure it is to my IP address. I use utorrent as my bitturrent. Its funny that noone else gets these except me.

 

Hi chrisdab,
The Companies you mention (Time Warner, NETSENTRY ect) do attempt to intercept P2P/torrent client traffic, they even become part of that network to see if users will upload to them. This is to see if users are downloading/uploading copyright material.

 

Its normal enough. Sometimes these are botted machines as well. I'd say that 90% of my daily log here at work are random source ports with a destination of either 5700, 5800, 5900 (Virtual Network Computer) or 2967 (Symantec Corporate A/V) vulnerabilities.

Last time I checked the survival time on the Internet with no firewall or A/V software was around 6 minutes. Thats just harsh.

On the good side it makes for short analysis and few people to actually block by the end of the day.

As for the companies you mentioned. A great number of them allow open sockets and/or mail relays and will be "listed" by SORBS, et. al. as having problems. Much of this could be cleaned up if ISPs were a bit more proactive in there procurement and monitoring of what goes through their own pipes. Which in the long run is actually costing them more money than by managing things properly.

- beads