correlation between porscans and local activity

This weekend I've started noticing a possible loose correlation between
portscans on my Linux boxes and local activity. It is connected to the
internet through a cable modem. It also provides masqueraded internet
connectivity for a couple of Win 98 boxes. The Windows boxes mainly are
used by the family for web browsing, icq, and aol instant messaging.

There now appears to be some coincidence between the times my family
does web browsing and when I get scanned for port 1080. I also got some
scans for port 31337 (back orifice?) following an icq session by my son.

Is this just a wild guess on my part or am I just now noticing something
blindingly obvious to everyone else?

Time to learn more about NAT and iptables so I can confirm this wild
theory.
Received on Jan 02 2000