not your typical : BAD-TRAFFIC tcp port 0 traffic portscanning?

["Michael Scheidell" <scheidell () secnap net>]

anyone else getting this? same 'destination' ip 121.35.241.129.  several
'destination' ports, 8000, 80,53.

I have seen this at several clients sites, (same 'destination') but
different 'source' (client is always source)

Any idea what they are doing? Trying to portscan? Looking for some
vulnerability with 'dest port' 0?
  

05/25-09:22:49 TCP 121.35.241.129:8000 -->  xxx.xxx.xxx.xxx :0
[1:524:8] BAD-TRAFFIC tcp port 0 traffic
[Classification: Misc activity] [Priority: 3] 


------------------------------------------------------------------------
------
#(2 - 738314) [2007-05-25 07:43:37] [snort/524] BAD-TRAFFIC tcp port 0
traffic
IPv4: 121.35.241.129 -> xxx.xxx.xxx.xxx
hlen=5 TOS=0 dlen=40 ID=51608 flags=0 offset=0 TTL=238 chksum=35950
TCP: port=80 -> dport: 0 flags=***A*R** seq=0
ack=759384068 off=5 res=0 win=0 urp=0 chksum=50032
Payload: none
 
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users