Security Basics mailing list archives

Aladdin eSafe Internet security Appliances - active scan


From: Noah.Lance () APCC com
Date: Thu, 12 Feb 2009 16:43:51 -0600

I discovered a device that was actively and aggressively scanning my 
computer. I did an nmap OS ID and it came out as an Aladdin eSafe Appliance 
(Linux 2.4 Linux 2.6). Looked at their site and it doesn't appear that 
they have any active type appliances. They all seem to be passive filter 
type appliances. 

http://www.aladdin.com/esafe

As soon as I noticed this I opened up Wireshark and decided to watch any 
packets with src or dst of the IP. In less than 400 seconds it scanned 
11,376 ports consecutively on another computer and then began scanning the 
next one.

It went from IP 255.255.255.98 to ...84 to ...37, so that seemed fairly 
random, but I didn't bother to break it down either. Still with the same 
aggressive scan pattern.

Curious if we can shed some light on a gateway/content filtering 
appliance doing an active scan of the internal network, over an IPSec 
tunnel (possibly three, but the other hops are out of my AOR).

Some of the packets did come up as malformed with a correct checksum, as 
well as a few SYN/FIN packets out there. 

Thanks for the time all.
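
Added example, not part of the original post: one way to quantify the behaviour described above from exported capture records, reporting per target the number of distinct ports probed, the scan rate, how sequential the port order was, and how many packets carried SYN and FIN together. The record layout, the addresses (documentation ranges), the function names and the min_ports threshold are all assumptions made for illustration.

```python
from collections import defaultdict

SYN, FIN = 0x02, 0x01  # TCP flag bits
# Constructed addresses (documentation ranges), not taken from the post.
SCANNER, T1, T2 = "192.0.2.10", "198.51.100.98", "198.51.100.84"

def summarize_scan(packets, scanner, min_ports=100):
    """packets: (time_sec, src, dst, dst_port, tcp_flags) tuples.
    Returns a per-target summary for targets probed on >= min_ports ports."""
    per_target = defaultdict(list)
    for ts, src, dst, dport, flags in packets:
        if src == scanner:
            per_target[dst].append((ts, dport, flags))
    report = {}
    for dst, rows in per_target.items():
        rows.sort()  # chronological order
        order, seen = [], set()
        for _, dport, _ in rows:
            if dport not in seen:  # first time this port was probed
                seen.add(dport)
                order.append(dport)
        if len(order) < min_ports:
            continue  # too few ports to call it a scan
        steps = sum(1 for a, b in zip(order, order[1:]) if b == a + 1)
        duration = rows[-1][0] - rows[0][0]
        report[dst] = {
            "distinct_ports": len(order),
            "duration_sec": duration,
            "ports_per_sec": len(order) / duration if duration else float("inf"),
            "consecutive_ratio": steps / max(1, len(order) - 1),
            "syn_fin_packets": sum(1 for _, _, f in rows if f & SYN and f & FIN),
        }
    return report

def build_sample():
    """Constructed traffic shaped like the post: 11,376 sequential ports in
    under 400 s on one host, then the next host, plus two SYN/FIN packets."""
    pkts = [(i * 0.035, SCANNER, T1, 1 + i, SYN) for i in range(11376)]
    pkts += [(400 + i * 0.035, SCANNER, T2, 1 + i, SYN) for i in range(500)]
    pkts += [(10.0, SCANNER, T1, 80, SYN | FIN), (20.0, SCANNER, T1, 443, SYN | FIN)]
    pkts += [(5.0, "198.51.100.7", T1, 443, SYN)]  # unrelated client, ignored
    return pkts

if __name__ == "__main__":
    for target, stats in summarize_scan(build_sample(), SCANNER).items():
        print(target, stats)
```

A consecutive_ratio near 1.0 indicates a sequential sweep rather than ordinary client traffic, and SYN and FIN set on the same packet does not occur in a normal TCP handshake.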

