Security Basics mailing list archives

Source Port 0 Host Sweep


From: JM <ubahmapk () gmail com>
Date: Fri, 7 Jan 2005 10:32:41 -0600

I am receiving some alerts on our IntruShield IPS of a few internal
hosts "TCP: ACK Host Sweep"ing the network.  All sweeps have dest port
80 and (more interestingly) source port 0.

I'm familiar with Host Sweeps and port 80 and know that port 0 is a
valid port, but I've never seen anything actually _use_ it.

I have googled and searched all the archives I could find and haven't
seen anything describing this behaviour.

I want to send our HW techs to the machines (all Windows PCs) and have
them cleaned, but I can't even tell them what to look for.

Does anyone know of any app/malware/virus that causes this sort of Host Sweep?

JM
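
One way to confirm from exported flow or capture records which internal hosts match the alert described above (ACK-only segments, source port 0, destination port 80, many distinct targets). This is an added example, not part of the original post; the CSV column layout, the sample records and the `min_targets` threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not from the original post). The column
# layout is a hypothetical export format: time,src,sport,dst,dport,flags
SAMPLE = """\
time,src,sport,dst,dport,flags
10:32:01,10.0.0.5,0,10.0.1.1,80,A
10:32:01,10.0.0.5,0,10.0.1.2,80,A
10:32:02,10.0.0.5,0,10.0.1.3,80,A
10:32:02,10.0.0.5,0,10.0.1.4,80,A
10:32:03,10.0.0.9,51514,10.0.1.1,80,S
10:32:03,10.0.0.9,51514,10.0.1.1,80,A
10:32:04,10.0.0.7,0,10.0.1.1,80,A
10:32:05,10.0.0.8,0,10.0.1.1,443,A
"""

def find_port0_ack_sweeps(text, dport=80, min_targets=3):
    """Return {source: sorted destinations} for hosts that sent ACK-only
    segments from source port 0 to `dport` on at least `min_targets` hosts."""
    targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        try:
            sport, dst_port = int(row["sport"]), int(row["dport"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed or truncated records
        # ACK-only: the flags field is exactly "A" (no SYN, FIN, RST, PSH)
        if sport == 0 and dst_port == dport and row.get("flags") == "A":
            targets[row["src"]].add(row["dst"])
    # A single port-0 packet is an oddity; many distinct targets is a sweep
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}

if __name__ == "__main__":
    for src, dsts in find_port0_ack_sweeps(SAMPLE).items():
        print(f"{src}: ACK sweep from port 0 to {len(dsts)} hosts: {dsts}")
```

The per-source list of targets and timestamps from the same records gives the technicians a time window to correlate against process and connection activity on each flagged PC.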

