Unusual port scan?

[J Bailes <jonas2 () knology net>]

My router logs on my personal/home machine just started receiving with these scans:
 
12/28/2003 13:05:44.133 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1800
12/28/2003 13:04:50.236 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1802
12/28/2003 13:04:42.705 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1800
12/28/2003 13:04:16.067 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1802
12/28/2003 13:04:11.991 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1800
12/28/2003 13:03:58.982 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1802
12/28/2003 13:03:56.639 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1800
12/28/2003 13:03:50.440 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1802
12/28/2003 13:03:48.958 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1800
12/28/2003 13:03:46.164 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1802
12/28/2003 13:03:45.112 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1800
12/28/2003 13:03:44.031 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1802
12/28/2003 13:03:43.199 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1800
12/28/2003 13:03:42.428 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1802
12/28/2003 13:03:42.238 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1800
12/28/2003 13:03:42.168 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1802
12/28/2003 13:03:41.757 - 81.52.250.105 : 80 >>> xx.xxx.xxx.xxx : 1800


The scans supposedly came from:

[Query: 81.52.250.105, Server: whois.ripe.net]
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 81.52.248.0 - 81.52.250.127
netname: AKAMAI-FT-US
descr: Akamai Technologies - US machines connected to FT AS5511
country: US
admin-c: NARA1-RIPE
tech-c: NARA1-RIPE
tech-c: NF1714-RIPE
status: ASSIGNED PA
mnt-by: FT-BRX
changed: gestionip.ft () francetelecom com 20030321
source: RIPE
route: 81.52.240.0/20
descr: France Telecom
descr: Opentransit
origin: AS5511
mnt-by: FT-BRX
changed: gestionip.ft () francetelecom com 20030214
source: RIPE
role: Network Architecture Role Account
address: Akamai Technologies
address: 500 Technology Square
address: Cambridge, MA 02139
phone: +1-617-250-4768
e-mail: ip-admin () akamai com
admin-c: NF1714-RIPE
admin-c: JP1944-RIPE
tech-c: NF1714-RIPE
tech-c: JP1944-RIPE
nic-hdl: NARA1-RIPE
notify: ip-admin () akamai com
changed: ip-admin () akamai com 20021025
source: RIPE
person: Noam Freedman
address: Akamai Technologies
address: 500 Technology Sq
address: Cambridge, MA 02139
phone: +1 617 250 4768
e-mail: noam () akamai com
nic-hdl: NF1714-RIPE
notify: noam () akamai com
changed: noam () akamai com 20021025
source: RIPE
[End of Data]


The scan seems to be looking for:
ansys-lm - ANSYS-License manager for port 1800
concomp1 - ConComp1 for port 1802

According to this: http://aaron.boim.com/unix/sshTunnel.html , it may be scan for an open proxy used for SSH? I dunno.

I'm not familiar with these services (nor am I running them).  I did not have any browser windows open at the time of 
the scan.  So, out of nowhere, why would an Akamai box scan me for these services?  Is anybody else getting this kind 
of traffic?


---------------------------------------------------------------------------
----------------------------------------------------------------------------