IDS which denies access after one "false" scanned port

[Martin T <m4rtntns () gmail com>]

I found a webserver, which serves webpage on TCP port 80, but in case
I try to connect to any other TCP port, my IP will be blocked for
10min. Example below:

[root@ ~]# ping -qc1 www.<domain>.com
PING www.<domain>.com (10.10.10.3): 56 data bytes

--- www.<domain>.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.793/1.793/1.793/0.000 ms
[root@ ~]# telnet www.<domain>.com 80
Trying 10.10.10.3...
Connected to www.<domain>.com.
Escape character is '^]'.
Connection closed by foreign host.
[root@ ~]# telnet www.<domain>.com 37219
Trying 10.10.10.3...
^C
[root@ ~]# telnet www.<domain>.com 80
Trying 10.10.10.3...
^C
[root@ ~]# ping -qc1 www.<domain>.com
PING www.<domain>.com (10.10.10.3): 56 data bytes

--- www.<domain>.com ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
[root@ ~]#


Anyone seen such behavior before? Is it somehow possible to
detect/guess, which IDS this might be? Any other suggestions how to
find out more information about this IDS and server behind it?


regards,
martin

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------