Unusual log entries

Archived from groups: comp.security.firewalls (More info?)

I found some weird entries for blocked requests in my ZoneAlarm logs
-- they were coming from IPs:

216.239.59.99
216.239.59.104
209.123.205.211

on their port #80.

The first two obviously belong to Google, while the last one belongs
to NAC.net. They were trying to access my computer on ports 110, 111,
112.

The weird part is that this computer is connected to a (hardware)
router+firewall, so my question is: how the hell did those requests
come from the "outside world" into my computer? Some Google search
that asks for more information from the user, or something?

Archived from groups: comp.security.firewalls (More info?)

> I would consider the combination of those three to
> hack port scans, and would expect additional hits
> on many other ports, from the same server.
>
> I would be concerned about hits on port 110 and port 111 and
> not worry too much about the others, unless persistent.


Thank you for your reply and a very useful link. I mostly know stuff
about which ports belong to what; what puzzles me here is how the
apparent attacker came through my broadband router+firewall and only
got stopped on ZoneAlarm (on this specific machine). Actually, I did
perform a Google search at around the same time when the incident was
logged. Since the apparent attack is logged only in this very machine
(and not the other one, also with ZoneAlarm), it's also possible that
Google does some "research" when you're using their search engine.
What do you guys think about it?
There were no similar entries before or after the "incident".
Google then?
(No, no Google toolbar, I used plan Mozilla Firefox. )