Inbound TCP communication in Recent History

Why am I getting these from an IP in China?

They seem to be very consistent.

 

21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8085) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (9090) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8118) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8000)


G'day: mdturner

 

I e-mailed the abuse team and have not heard back.

 

This is very annoying and makes me very nervous as to their intent.

 

Is there anything else that can be done on my behalf?

 

123.134.95.199

 

Usually (4) attempts in a second on any ports.

 

What will happen if NIS2010 does not block them?

Just looks like a port scan to me.

 

NIS will block the probes, they are just probing for open services that they can exploit, most probably running a port scan of the entire class C network to see what they can find to hack.

 

Looking at the Whois, the IP belongs to China Unicom Shandong Province Network, so don't expect any reply from them.

 

Do you have the NIS firewall set on the default settings with port stealthing turned on? If so, don't worry about it, ignore it.

 

Hope that puts your mind at rest.

 

Cheers,

 

Will.

I've actually figured out what it is through a little bit of help from nmap and Google. :smileywink: 

 

Found this here: http://www.ipillion.com/?ip=123.134.95.199&ipsubmit=by+IP

 

It's a server in China scanning networks for open proxies, hence the ports which are being scanned repeatedly are 8085, 9090, 8080, 8800, 8000, 3128, which are all used for proxy servers of various types.

 

Definitely nothing to worry about, I reaffirm what I previously said... ignore it.

 

:smileyvery-happy: 
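As an added example (not part of the original thread, and not Norton's own code), this is one way to confirm from an exported firewall log that a source is sweeping proxy ports rather than probing at random. The function names, the three-port threshold, the five-minute window and the inclusion of port 8118 are assumptions made for the illustration.

```python
import csv
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports named in the post above, plus 8118 (in the log; Privoxy's default port).
PROXY_PORTS = {8085, 9090, 8080, 8800, 8000, 3128, 8118}
EVENT_RE = re.compile(r"Inbound TCP connection from ([\d.]+), local service\s+Port \((\d+)\)")

# Constructed sample: three rows in the format of the log quoted in the thread,
# plus one invented unrelated probe from a documentation address.
SAMPLE_LOG = '''\
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8085) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (9090) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:27 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 123.134.95.199, local service  Port (8118) .",Detected,No Action Required,Firewall - Activities
21/10/2009 9:31 AM,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 198.51.100.7, local service  Port (445) .",Detected,No Action Required,Firewall - Activities
'''

def parse_events(text):
    """Yield (timestamp, source_ip, port) for each blocked inbound TCP row."""
    for row in csv.reader(text.splitlines()):
        m = EVENT_RE.search(row[2]) if len(row) > 2 else None
        if not m:
            continue
        try:
            ts = datetime.strptime(row[0], "%d/%m/%Y %I:%M %p")
        except ValueError:
            continue  # skip rows whose timestamp does not parse
        yield ts, m.group(1), int(m.group(2))

def find_proxy_scanners(text, min_ports=3, window=timedelta(minutes=5)):
    """Map each source that hit >= min_ports distinct proxy ports in one window to those ports."""
    by_source = defaultdict(list)
    for ts, ip, port in parse_events(text):
        if port in PROXY_PORTS:
            by_source[ip].append((ts, port))
    flagged = {}
    for ip, hits in by_source.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged[ip] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    for ip, ports in find_proxy_scanners(SAMPLE_LOG).items():
        print(f"{ip}: open-proxy sweep, ports {ports}")
```

A source that only touches one unrelated port, like the constructed 198.51.100.7 row, is not flagged.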

Even if they got through, those ports would be closed. No damage could be done. Only when a service has a port open and the listening service is exploitable could there be trouble.

 

Edit: NM

Message Edited by planet on 10-24-2009 09:15 PM

Thanks for the info/website link

 

Learning is great!!

Hi bowwie,

 

Can you please mark the post which you consider to be the most helpful solution as the solution, not your final post. :smileyhappy:

 

Cheers,

 

Will.