Originally posted here by nihil
Foxy and the other members are right:
Like the IP addy is 123.123.123.789 EVERY time, or do the characters change?
That is quite IMPOSSIBLE! You should know better than to have any octet higher than 254... Just messing with you though... as you were just using it as an example.

Its possible (as others pointed out) that the ISP is just seeing if that IP is in use and if it can be issued to another customer. If they get no reply, then they put it in their DHCP pool and lease that IP to another customer. This would create ip conflicts though... so I'm not quite sure why they'd do it this way. I've never see this type of activity from my ISP. (verizon DSL)...

However.. I DO see them scan me from time to time for "unauthorized servers"... they just scan normal ports... 21, 22, 80, 8443, 8080, etc. So, basically... if I wanted to run a server, I could just block those scanning machines and verizon would not be any wiser. I could also just change the ports that the services are running on... Unless they were actually monitoring traffic...

As everyone else said though... this type of activity is pretty normal. Could be infected machines, could be some s.kiddie running his tools. You should just be happy your're blocking them. If you don't want the alerts to show up... then config your firewall not to alert you.

You could also put another box between you and your internet connection... like a router if you are on broadband. Or a smoothwall box if you're on broadband or dial up. Then everything would be logged on that box and you wouldn't see it on your other PC.