Logging the IP would be a good idea if somebody actually tries to connect to the port. On the other hand....monitoring the fact somebody is just pinging a port would be a bad idea. Well...at least with the sound wav. I know a lot of admins that changed those features once they computer was to busy playing wav then anything else. A lot of people out there will ping an entire subnet looking for hosts that have a particular port listening...hell, most have tools that automate this process. Logging is not bad but for sanity reasons I would not suggest playing a wav or doing anything memory intensive. You could end of creating your own DoS that way

Cordially,

Sp1d3r