Ethereal-users: Re: [Ethereal-users] Newbie in a jam

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 28 Feb 2006 23:25:49 +0100
On Tue, Feb 28, 2006 at 01:49:26PM -0800, Jason Hernandez wrote:
> Thanks! Here is the sample line of the log that was sent to me. I replaced
> the IP with X's. The first set of X's is the IP of my router and the other
> set is the IP it's scanning. 
> 
> 2|Feb 20 2006 14:33:10|106001: Inbound TCP connection denied from
> X.X.X.X/13331 to X.X.X.X/445 flags SYN on interface outside

If you have access to the router on your end of the ISP connection,
I would configure an access-list on it to block tcp-port 445, that
will keep your ISP happy. If you enable logging on that access-list
you will also be informed about the ip-address of the workstation
that is initiating these sessions.

If you don't have access to your router, I would put the Ethereal
PC on a port of the hub/switch that the router is connected to. If
it is a hub, start up Ethereal and select a capture filter of "port 445".
That will show you which workstations are involved. If it is a
switch, you will need to configure a monitor-port. If you don't
know how to do that, you might want to contact your switch
reseller to assist you with that (or have a look at the friendly
manual that came with it :))

I hope this helps...


Cheers,   Sake
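
An added example, not part of the original message: one way to summarize log records in the layout of the line Jason quoted, grouping denied TCP/445 connections by source address so the timestamps can be matched against a local capture or access-list log. The function names and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Pipe-delimited 106001 record, in the layout of the line quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<sev>\d+)\|(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2})\|106001: "
    r"Inbound TCP connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) "
    r"on interface (?P<iface>\S+)$"
)

def parse_line(line):
    """Return a dict for one 106001 record, or None if the line does not match."""
    m = LINE_RE.match(" ".join(line.split()))  # collapse mail-wrapped whitespace
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %Y %H:%M:%S")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(lines, port=445):
    """Group denied connections to `port` by source address."""
    out = defaultdict(lambda: {"attempts": 0, "targets": set(), "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dport"] != port:
            continue  # skip unrelated lines and other destination ports
        s = out[rec["src"]]
        s["attempts"] += 1
        s["targets"].add(rec["dst"])
        s["first"] = min(s["first"] or rec["ts"], rec["ts"])
        s["last"] = max(s["last"] or rec["ts"], rec["ts"])
    return dict(out)

# Constructed sample records (documentation addresses, not taken from the thread).
SAMPLE = """\
2|Feb 20 2006 14:33:10|106001: Inbound TCP connection denied from 192.0.2.10/13331 to 198.51.100.1/445 flags SYN on interface outside
2|Feb 20 2006 14:33:11|106001: Inbound TCP connection denied from 192.0.2.10/13332 to 198.51.100.2/445 flags SYN on interface outside
2|Feb 20 2006 14:33:12|106001: Inbound TCP connection denied from 192.0.2.10/13333 to 198.51.100.3/445 flags SYN on interface outside
2|Feb 20 2006 14:35:02|106001: Inbound TCP connection denied from 192.0.2.77/40112 to 198.51.100.9/80 flags SYN on interface outside
not a firewall line
"""

if __name__ == "__main__":
    for src, s in summarize(SAMPLE.splitlines()).items():
        print(src, s["attempts"], "attempts,", len(s["targets"]), "targets,", s["first"], "->", s["last"])
```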