Behind Firewall Laptop is receiving port scan warning

[drew1701d]

One of my users is receiving a port scan warning from Norton Internet Security Suite even though he is connected to our local lan which is behind a Symantec Firewall appliance with all ports turned off except for port 443 for a SSL enabled site we host. I did research on the Port and apparently its only applies to FreeBSD and a game called Klasteroids, neither of which we have, how did his Internet Security Suite pick up the port scan even though he's behind our firewall, which did log the portscan along with various other scans which occur as expected in its logs and no the port is not open on the firewall except the one i mentioned. Inquiring minds want help!


Intrusion: Portscan
Intruder: 64.105.199.75
Protocol: UDP
Attacked Port 60463

"I'm certifiable, not certified. It just means my answers are from experience...not a book

 

[smah]

Well, my first google result came up with 1 possibility that I had thought - Windows Messenger, which (depending on setup/function) might be allowed to transverse the firewall

http://www.seifried.org/security/ports/60000/60463.html