I turned on my *nix box to discover these logs from snort:

Events between 10 21 05:50:11 and 10 21 05:51:21
Total events: 2
Signatures recorded: 1
Source IP recorded: 1
Destination IP recorded: 1

Events from same host to same destination using same method
# of from to method
2 (portscan) TCP Portsweep

Percentage and number of events from a host to a destination
% # of from to
100.00 2

Percentage and number of events from one host to any with same method
% # of from method
100.00 2 (portscan) TCP Portsweep

Percentage and number of events to one certain host
% # of to method
100.00 2 (portscan) TCP Portsweep

I whois the address only to get this back:

Priority Colo PRICOLO-BLK02 (NET-204-15-192-0-1) -
Ken Snider PRIORITYCOLO-204-15-193-128 (NET-204-15-193-128-1) -
#ARIN WHOIS database, last updated 2006-10-20 19:10

So I check my router logs to find this address repeatedly trying to connect on random ports above 40000: 45945 45748 45277 45517 45102 45736 45073 45945 45736 45235 45253 45374 45800 45479 45789 45296 45651 45066 45817


So I whois this address to bring back:

OrgName: Asia Pacific Network Information Centre
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: -
NetHandle: NET-202-0-0-0-1
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
RegDate: 1994-04-05
Updated: 2005-05-20

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net

I cannot seem to find any suspicious file and tripwire has not logged anything changed.

I'm running Debian with a 2.6 kernel with only one running service, SSH.
My box is fully updated and patched.

Any help would be great.