odd new scan (or attack?) on TCP 14880

[JB Krewson <jkrewson () QPASS COM>]

Is anyone else seeing prolonged, determined probes against TCP port 14880?
Any idea what it is? They're usually in bursts of 60-80 attempts in a 1
minute period, against all of the addresses in a subnet. They just started
in the last 24 hours, and have popped up off and on all day. The source IPs
do not appear to be spoofed (or they're consistantly spoofed), in that they
are coming from a dial-in connection to the same couple of ISPs each time.
So, I'm thinking the purpose is more likely to be intrusion that information
gathering or DOS. They aren't getting anywhere (or likely to), but if it's
part of a broader attack, I'd like to look into it.

I can't find 14880 associated with any common Trojans, and it has no
mentions in CVE or XForce. Any hints on where to look would be appreciated.

J.B. Krewson
Qpass Operations