I am busy sifting through my iptables logs and have what looks like a distributed port scan. A bunch of TCP packets sent to high-numbered ports (>1024) from 5 or 6 different IPs. Each IP is in the same subnet 205.188.162.* and each originated from the same src port 1028. My first guess is that this is a scanner designed to thwart automated detection schemes.
I am new to the game of log browsing, so I don't know if there could be an innocent explanation for this, but it looks suspicious. Is there any way to get the ISP information for a given subnet, so I can file a complaint if I want?

JDH
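The pattern described in the post above (several sources in one /24, one shared source port, destination ports above 1024) can be pulled out of iptables LOG lines mechanically. This is an added example, not part of the original post: the sample lines are constructed and use documentation addresses, and the function names and the `min_hosts`/`min_ports` thresholds are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample lines in iptables LOG format (documentation addresses only).
SAMPLE_LOG = """\
Jan 12 03:14:07 fw kernel: IN=eth0 OUT= SRC=198.51.100.11 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=1028 DPT=3456 WINDOW=16384 SYN
Jan 12 03:14:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.12 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=1028 DPT=5190 WINDOW=16384 SYN
Jan 12 03:14:15 fw kernel: IN=eth0 OUT= SRC=198.51.100.14 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=1028 DPT=4012 WINDOW=16384 SYN
Jan 12 03:14:21 fw kernel: IN=eth0 OUT= SRC=198.51.100.19 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=1028 DPT=6001 WINDOW=16384 SYN
Jan 12 03:15:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=44211 DPT=22 WINDOW=5840 SYN
Jan 12 03:15:40 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TTL=50 PROTO=TCP SPT=1028 DPT=5000 WINDOW=16384 SYN
Jan 12 03:16:11 fw kernel: IN=eth0 OUT= SRC=198.51.100.11 DST=192.0.2.10 LEN=78 TTL=52 PROTO=UDP SPT=1028 DPT=33434 LEN=58
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one iptables LOG line as a dict."""
    return dict(FIELD.findall(line))

def find_clusters(lines, min_hosts=3, min_ports=3, prefix=24):
    """Group TCP packets to ports >1024 by (source subnet, source port).

    Returns {(subnet, spt): (hosts, dports)} for groups where several
    distinct hosts in one subnet share a source port across several ports.
    """
    groups = defaultdict(lambda: (set(), set()))
    for line in lines:
        f = parse(line)
        if f.get("PROTO") != "TCP":
            continue
        try:
            spt, dpt = int(f["SPT"]), int(f["DPT"])
            net = ip_network(f"{f['SRC']}/{prefix}", strict=False)
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if dpt <= 1024:
            continue
        hosts, dports = groups[(str(net), spt)]
        hosts.add(f["SRC"])
        dports.add(dpt)
    return {key: (sorted(h), sorted(p)) for key, (h, p) in groups.items()
            if len(h) >= min_hosts and len(p) >= min_ports}

if __name__ == "__main__":
    for (net, spt), (hosts, dports) in find_clusters(SAMPLE_LOG.splitlines()).items():
        print(f"{net} spt={spt}: {len(hosts)} hosts -> dports {dports}")
```

A `whois` query on any address in a reported subnet returns the registered network owner and, usually, an abuse contact.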
