>>9In your firewall logs you will mostly find hundreds of unsolicited connection attempts per day looking for weak services - mostly probing TCP port 445 (Samba), but also Telnet, SSH, WWW, DNS, SMTP, SIP, and others. Most probes tend to come from China and various other Asian/3rd world countries, but are not limited to that.
Moral: attempts to connect to services you aren't actually running are clearly hostile probes, not so much directed at you, but part of sweeps of IP ranges in an effort to find a potentially weak service and thus an attack vector to take over a system/network. IF you do run services and open/forward ports, make absolutely sure the service itself as well as the network infrastructure and configuration are as secure as possible.