More Doubleclick Scans?

[Matt Dunn <matt () electrocentric com>]

I'm noticing a lot (and I do mean a LOT) of activity coming from various
machines associated with doubleclick in the TCP port range 27900-29500,
give or take. AFAIK, this port range isn't traditionally associated with
any particular attack, but I haven't had a lot of time lately to stay
current on the latest developments in that arena.

At this point, I'm assuming it's a variation on the port 7 thing, but I
can't see how they would justify this since (if memory serves) the
geographic locating software they had depended on the ability to recieve an
echo reply.

Any thoughts on this would be appreciated.

-Matt