Somebody port scanned me on ports 33463, 33464, 33465, and 33467 and an instant later somebody scanned 33459, 33460, 33461, and 33463

170.224.176.50
170.224.176.49

From these two IP's. I backtraced them and it tells me its IBM.


OrgName: IBM
OrgID: IBM-1
Address: IBM Raleigh - IP Services Team
Address: 3039 Cornwallis Road
City: Reserach Triangle Park
StateProv: NC
PostalCode: 27709-2195
Country: US

NetRange: 170.224.0.0 - 170.227.255.255
CIDR: 170.224.0.0/14
NetName: IBM-COMMERCIAL
NetHandle: NET-170-224-0-0-1
Parent: NET-170-0-0-0-0
NetType: Direct Assignment
NameServer: RTPUSSXDNSB03.RALEIGH.MEBS.IHOST.COM
NameServer: RTPUSSXDNSB04.RALEIGH.MEBS.IHOST.COM
NameServer: BLDUSWXDNSB01.BOULDER.MEBS.IHOST.COM
NameServer: BLDUSWXDNSB02.BOULDER.MEBS.IHOST.COM
Comment:
RegDate: 1995-04-21
Updated: 2005-06-03

OrgTechHandle: NOCTE3-ARIN
OrgTechName: NOC Team
OrgTechPhone: +1-999-999-9999
OrgTechEmail: noc@ibm.com


Why in hell would someone from IBM be port scanning me? Then my firewall blocked out traffic from both IP's for 600 seconds.

I'm just kind of curious, it seems as if someone tried to do a bad attack, but from IBM?? What do you think it is?

/me coughs ...

You're running some instant messaging clients?
Chat with people who may be working at IBM?


Cheers,
Tink

AFAIK noone I know works at IBM

Just a normal home computer? Or are you running a webserver or something along those lines?
IBM did announce they would be releasing an open source search engine of sorts, so maybe they are trying to index you (if you are running a webserver, etc.)
*shrugs* I wouldn't get too hot and bothered though.

Except for the fact that webservers being indexed by search engines usually happens on port 80.....

*shrugs*
Maybe they got confused?

i've got the same problem
being portscanned by those two ip's
I've did some homework and I've got the mac address of the atacker
00-30-B8-C1-78-01
anyone who knows what to do?
I don't know what happened
greetz

TCP, UDP ?
TTL?

Could be a traceroute