Last night it was late, but I read through the firewall log before going to bed.

I see that 2 attempted port scans have happened - one from an isp in Japan and one in France.

It's late, so I don't check much, but I did dig enough to see that the originating ip from Japan was a business in Tokyo. It appeared to be a legit business and had an admin contact, etc.

My question is this:

I "suspect" this corporation may have been hacked, and the hacker is using them to ip block scan for new victims.

Either that or a really bored employee was goofing around.

Should I write them and let them know in case my first suspicion was correct? I hate to get some bored employee in trouble if that was the case.

Opinions?

.: Aftiel