I have a home network that I thought was pretty secure. It uses an old
Macintosh running the NAT program IPNetRouter. Sometimes I use the FTP
or web server function of IPNetRouter, but fortunately no one writes
viruses for old out–of-date Macs these days and I have never had
a problem. These are currently turned off.

I am upstairs running Windows XP with ZoneAlarm Pro (mostly to check
for anything I don’t know about going out). I was surprised to
find a few rare cases of ICMP packets coming in from the outside and
reaching my PC. Most of these were responses to pings initiated on my
end. This kind of makes sense I guess. I don’t know how long
IPNetRouter remembers where to route ping echos, but often if I ping a
known spammer in China I will get a series of pings back from several
different IP addresses over the next 10 minutes (most of them starting
with 66… unregistered). This stuff gets through IPNetRouter, but
is presumably harmless.

Here is the weird part. Today out of the blue I get a UDP packet on
port 1026 from a server in China. No previous ping attempt from me.
Port 1026 is apparently being used these days for popup messenger
spam. I checked ShieldsUp and I find that Port 1026 is closed. In fact
every port is closed , except for 131 – 136, which are shown as
“stealth”. And my messenger service on Windows XP is also
disabled/stopped. At this point I am tempted to turn it on, just to
see if a message actually appears.

Packet in question:

Source IP: 61.143.182.138:30111
Protocol: UDP
Detination: 192.168.0.62:1026 (my local LAN address)

My question: how is this possible? Anyone have any idea how a spammer
in China could get through my NAT router and reach my PC like this?

Second question, any recommendations for a software program that runs
on PowerMac circa 1996 (OS 7. something) that would give me a log of
all port probes?

Thanks

Marc