Security Incidents mailing list archives

typical DOS or something more sinister?


From: joe () ITS UNIMELB EDU AU (Joe H)
Date: Wed, 22 Mar 2000 08:48:13 +1000


check out these flows (a few of millions!):

 -source-        -dest-       -sport-  -dport-  -protocol-
212.187.65.86   203.5.67.63     7744    7       17
212.187.65.86   205.5.66.128    6537    7       17
212.187.65.86   205.5.66.63     29432   7       17
212.187.65.86   205.5.66.128    15793   7       17
212.187.65.86   205.5.66.191    17367   7       17
212.187.65.86   205.5.67.63     29210   7       17
212.187.65.86   205.5.67.127    351     7       17
212.187.65.86   205.5.66.127    17330   7       17

There are a few things to note
1. All are aimed at strategic points in the network (eg., broadcast
addresses)
2. They are all aimed at port 7 (echo)
3. All are of proto type 17 (udp)

This looks like a typical DOS. The dest. addr is spoofed and
this has been happening almost every day for the last week
from different remote ip addresses (except that this is the
first time the ip is spoofed). At one stage two dest hosts
were simultaneously doing the same as above to the same network.

Q's
1. Why all of a sudden are ip's from all over the world targeting _only_
   this particular network? (we have about two hundred others)
2. Why is it all port 7 only?

One ip range came from domain chello.nl and filtered off. Another came from
a different range but again the same top end domain chello.nl
Is it possible that we are being used as a magnifier to launch
a larger attack (DDOS maybe) on another host/network?

Thanx
/joe/

PS  Do you need to allow port 7 (echo) traffic from outside
    your internal networks (ie., from internet) eg., for ping?
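
The pattern described in the message above (one source sending UDP echo traffic to many subnet network/broadcast addresses) can be picked out of flow exports with a short filter. This is an added example, not part of the original post; the sample records use constructed documentation addresses, and the /26 subnet size, the threshold and all function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (documentation address ranges), in the
# column order used in the post: source, dest, sport, dport, protocol.
SAMPLE_FLOWS = """\
198.51.100.86  192.0.2.63    7744   7   17
198.51.100.86  192.0.2.128   6537   7   17
198.51.100.86  192.0.2.191   17367  7   17
198.51.100.86  192.0.2.127   351    7   17
198.51.100.20  192.0.2.10    40000  53  17
198.51.100.21  192.0.2.63    51000  80  6
198.51.100.22  192.0.2.70    1234   7   17
"""

UDP, ECHO = 17, 7  # IP protocol number for UDP, well-known echo port

def parse_flows(text):
    """Yield (src, dst, sport, dport, proto) from whitespace-separated rows."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # blank or malformed line
        try:
            yield (ipaddress.ip_address(fields[0]), ipaddress.ip_address(fields[1]),
                   int(fields[2]), int(fields[3]), int(fields[4]))
        except ValueError:
            continue  # column header or unparsable row

def is_subnet_edge(dst, prefixlen):
    """True if dst is the network or broadcast address of its subnet."""
    net = ipaddress.ip_network(f"{dst}/{prefixlen}", strict=False)
    return dst in (net.network_address, net.broadcast_address)

def echo_broadcast_sources(text, prefixlen=26, threshold=3):
    """Return {source: [dests]} for sources sending UDP echo to subnet edges."""
    hits = defaultdict(list)
    for src, dst, _sport, dport, proto in parse_flows(text):
        if proto == UDP and dport == ECHO and is_subnet_edge(dst, prefixlen):
            hits[str(src)].append(str(dst))
    # Only report sources that hit several subnet edges, not a single stray flow.
    return {s: d for s, d in hits.items() if len(d) >= threshold}

if __name__ == "__main__":
    for src, dests in echo_broadcast_sources(SAMPLE_FLOWS).items():
        print(f"{src}: {len(dests)} UDP echo flows to subnet edges: {dests}")
```

Set `prefixlen` to the real subnet size of the monitored network; with the wrong size the edge-address test misses or misclassifies destinations.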

