This mornings activity log shows this:
. . . From 23.102.132.99 - 2 packets to tcp(3389) From 23.102.133.164 - 1 packet to tcp(3389) From 23.102.134.239 - 2 packets to tcp(3389) From 23.102.136.210 - 3 packets to tcp(3389) From 23.102.136.222 - 2 packets to tcp(3389) From 23.102.137.62 - 3 packets to tcp(3389) From 23.102.137.101 - 2 packets to tcp(3389) From 23.102.138.184 - 1 packet to tcp(3389) From 23.102.138.216 - 1 packet to tcp(3389) From 23.102.139.11 - 2 packets to tcp(3389) From 23.102.139.27 - 5 packets to tcp(3389) From 23.102.140.90 - 2 packets to tcp(3389) From 23.102.140.158 - 3 packets to tcp(3389) From 23.102.161.114 - 1 packet to tcp(3389) From 23.102.170.1 - 2 packets to tcp(3389) From 23.102.170.48 - 4 packets to tcp(3389) From 23.102.171.49 - 2 packets to tcp(3389) From 23.102.172.233 - 2 packets to tcp(3389) From 23.102.173.124 - 2 packets to tcp(3389) . . .
These are either mostly or entirely MicroSoft.com addresses. Any ideas as to what legitimate use this probing might have? I know that 3389 is MS-RDP. My question is why would a 'reputable' firm be scanning my systems for open connections on that port?