A new hack tool - tcp port 3139 ?

[<METE.EMINAGAOGLU () DIGITALPLATFORM com>]

Hi to all,

Beginning from 6th of March until today, I' ve been continously observing a very strange and presumably dangerous probe 
(possibly caused by a new trojan or trojan-like tool) in my Firewall logs. 

The source IP is different real-world IP' s, the destination IP is always my FW' s outer interface IP, and the service 
port is tcp 3139.

However, it' s s.thing like a "masked" action. Because, when I analyse the logs in detail, Xlate Dest IP' s are any of 
our DMZ IP' s (random), and the Xlate Destin Port is,

tcp 80 - http !!! 

Has anyone faced this similar oddity? I' ve searched all the sec. sites, news, but nope!!!

Thanks in advance...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com