ns1.denyignorance.com is portscanning me (or so BlackICE says)

Anyone have noticed this also?

As soon as I surf to ATS my BlackICE says that ns1.denyignorance.com is probing the following ports (extract from BlackICE)

Time, Event, Intruder, Count, Destination Port, Parameter(s)
2004-08-13 16:12:10, TCP_Port_Scan, ns1.denyignorance.com, 3, 0, port=3898|3900|3929|3931|3937-3938|3942|3944|3980|3993|4003-4004|4007|4016|4018|4027|4040|4042|4052|4057|4059|4071|4074-4075

Anybody know why this happens?

// k

I doubt it's a port scan. Our Apache server is configured to allow a high number of "MaxClients" and multiple "child servers", which means you could receive several dozen connections from us (on port 80) for each page request. Depending on the sensitivity of your BlackIce settings, it could categorize this type of multiple-connect activity as a "port scan" when you first hit a page on our server. Does it happen every page-load, or just when you first hit ATS?

Seems like it happen just when I first hit ATS.

Are your web and ns on the same server?
(Since BI says it is the ns1 that causes this.)

I am not surprised though as BI sometimes sees "attacks" when there are none.

// k

Yes, NS1.denyignorance and www.abovetopsecret are both the same IP on the same box. If BlackIce does a reverse lookup on our IP, it is possible it would catch the primary name server first.