-
July 19th, 2004, 07:34 PM
#11
Well, the first thing I would do is run a whois search on those IPs... I like to know where it's coming from, makes it more fun. Also, if you don't want to see logs of those IPs anymore I recommend setting an advanced rule in Sygate to block all incoming and outgoing traffic to the offending IPs. Hope my comment was of some assistance.
-Shell_Coder
LOL... is this a joke?
Coder, do you have a firewall? Firewalls get hit every day with a ton of scans... and your logs will fill up very fast if you set it up to log everything. Here's a typical example: Someone in my network is infected with NetBus. Then NetBus scans the IPs on that network to find vulnerable targets... the person has no idea that this is happening. My firewall picks up the person's IP and it blocks it under the "NetBus" rule that comes with it... Now if I really wanted to waste my precious time, I can do a whois, then trace the IP to the person's NODE... which can very well be roughly anywhere from 1 to 1000 miles from that person's location... hence resolving nothing. Or I could just tell my firewall to warn me only when something HIGH RISK tries to hit my PC... understand?
Cheers.
-
July 19th, 2004, 07:34 PM
#12
Junior Member
Info Tech Geek, I'm afraid I must disagree... I can almost guarantee that there is other traffic that the user is getting that Sygate is incapable of detecting. If I were to run a sniffer on his network, I'm positive there would be more to those logs. The advanced rule settings are there for a reason... ;-)
Also, I did not mean for him to block every IP in the log... just ones that look suspicious (i.e. not the portscan attempts).
-Shell_Coder