Re: Another odd UDP scan - new trojan?

[lurker () ITIS COM (M J)]

I just spoke to Arun Narasimhan [arun () quova com] who is the 
technical contact for Quova, Inc.  He explained that their 
company is working in "stealth-mode" (not very stealthy if 
you ask me) on a new software package.  He told me he 
cannot disclose the nature of this software or what it is 
supposed to do.  He attemped to assure me that they mean no 
harm in the scans and they are scanning and tracerouting 
all class A, B, and C networks.  (EEeesh!!)  What are your 
thoughts on this - do you think this type of activity, 
which is apparently condoned by Exodus.net, is invasive and 
rude, or is it their public right to scan all addresses at 
their leasure?  I have personally asked that all of our 
networks be excluded from their "testing".  Comments / 
suggestions?

-Matthew 

Hi

We just had a report which is unusual -

UDP ports 33448 through 33453

Scanning one of our net blocks but rolling the loop on the 
3rd octet and
throttled down to one every  second or so. Src port number 
constant per dest
host but then changing on the next target ip.

Src IP is in an Exodus net block - 64.41.164.54

Anyone else seeing this or know what they are looking for? 
All attempts were
fruitless, just curious.

Cheers
Neil