Just recently (within a couple of weeks), I have been constantly getting probes on high-numbered ports from the 209.73.225 set of IPs. NeoTrace Express traces these to Jerusalem, although the company, Cydoor Technologies, seems to be registered in the US. The general trace leads from my location to my ISP's mainframe to Jersey City, NJ to Jerusalem.

Here is the Registrant info on the trace via NeoTrace Express...

Cydoor Technologies Inc. (NETBLK-CYDOOR-209-73-225)
22 Maskit Street
Herzliya, N/A 46733
IL

Netname: CYDOOR-209-73-225
Netblock: 209.73.225.0 - 209.73.225.255

Coordinator:
Support, Tech (TS1229-ARIN) [email protected]
212-425-8780

Record last updated on 30-Aug-2001.
Database last updated on 9-May-2002 20:03:53 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

And the IP (one of many in the 209.73.225 set) related to the probes...

5/21/02 5:06:16 PM Connection request 209.73.225.94 TCP(30412)

I have contacted 'Cydoor Technologies' about these probes, and have basically gotten the big "***k off" from them, with absolutely no explanation given. If it were just advertising probes, fine...but they are very high numbered ports(generally in the range of 24000 to 60000, so it seemed odd to me. I have run virus checks, both internally and externally, which yield results indicating no infections.

Anyone else have this problem, or anyone have some advice?

Ouroboros