nmap or a rat in the set

[KHOO Guan Chen <khoogc () singnet com sg>]

When I tcp scan one port I find that my syslog will report connection
refused from 4 ports. For example:-

[root@daisy]# nmap -sF -p12345 localhost

Starting nmap V. 2.07 by Fyodor (fyodor () dhp com, www.insecure.org/nmap/)
No ports open for host localhost (127.0.0.1)
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

[root@daisy]# tail /var/log/messages

<snip>

Feb 15 14:28:00 daisy kernel: sec: TCP connection rejected from 127.0.0.1,
port 
80
Feb 15 14:28:00 daisy kernel: sec: TCP connection rejected from 127.0.0.1,
port 
45549
Feb 15 14:28:00 daisy kernel: sec: TCP connection rejected from 127.0.0.1,
port 
12345
Feb 15 14:28:00 daisy kernel: sec: TCP connection rejected from 127.0.0.1,
port 
45529


It does not matter which port I specify, I will always get a reject for
port 80 also.

UDP scan also produced funny results.

[root@daisy]# nmap -sU -p30051 localhost

Starting nmap V. 2.07 by Fyodor (fyodor () dhp com, www.insecure.org/nmap/)
WARNING:  -sU is now UDP scan -- for TCP FIN scan use -sF
No ports open for host localhost (127.0.0.1)
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

[root@daisy]# tail /var/log/messages

<snip>

Feb 15 16:11:35 daisy kernel: sec: TCP connection rejected from 127.0.0.1,
port 80
Feb 15 16:11:35 daisy kernel: sec: TCP connection rejected from 127.0.0.1,
port 37357

Doesn't matter what port I specify. I will get connection rejected from
port 80.


Can someone be kind enough to straighten me out? 
Thanks.


Cheers

Richard KHOO Guan Chen