Educause Security Discussion mailing list archives

Macs sending udp/80 traffic to the reverse of their gateways


From: Michael Costello <costellm () LAFAYETTE EDU>
Date: Mon, 5 Apr 2010 12:01:21 -0400

There are a number of Macs on campus sending udp/80 traffic to the
reverse of their gateways.  For example, host 10.11.12.13 with gateway
10.11.12.1 sends these packets to 1.12.11.10 once every five seconds:

foo:~ admin$ sudo tcpdump -i en1 -s1500 udp dst port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 1500 bytes
11:16:17.709184 IP 10.11.12.13.49997 > 1.12.11.10.http: UDP, length 1
11:16:22.708738 IP 10.11.12.13.49999 > 1.12.11.10.http: UDP, length 1
11:16:27.701156 IP 10.11.12.13.50001 > 1.12.11.10.http: UDP, length 1
11:16:32.704173 IP 10.11.12.13.50003 > 1.12.11.10.http: UDP, length 1
11:16:37.705295 IP 10.11.12.13.50005 > 1.12.11.10.http: UDP, length 1

My familiarity with Apple's implementation of BSD utilities is
definitely a hindrance in tracking down the process (no sockstat).
Google isn't turning up anything.  I've started killing network-related
processes (Kerberos, mDNS, etc), but I haven't yet hit the right one.

Does anyone know what is sending these packets?

-Michael
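A detection check for the pattern described in the post, written as an added example that is not part of the original message: it parses tcpdump lines of the shape quoted above, looks up each source host's gateway in a constructed host-to-gateway map (`GATEWAYS` is assumed, not from the post), and flags length-1 UDP/80 packets whose destination is the octet-reversed gateway, noting whether they recur on the five-second period described.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the tcpdump lines quoted in the post;
# the fourth line goes to an unrelated address and must not be flagged.
SAMPLE_LINES = """\
11:16:17.709184 IP 10.11.12.13.49997 > 1.12.11.10.http: UDP, length 1
11:16:22.708738 IP 10.11.12.13.49999 > 1.12.11.10.http: UDP, length 1
11:16:27.701156 IP 10.11.12.13.50001 > 1.12.11.10.http: UDP, length 1
11:16:30.000000 IP 10.11.12.13.50002 > 192.0.2.10.http: UDP, length 1
""".splitlines()

# Assumed (constructed) map of host address -> its default gateway.
GATEWAYS = {"10.11.12.13": "10.11.12.1"}

# Matches tcpdump's default one-line UDP summary; the port may be a
# service name ("http") or a number if tcpdump was run with -n.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<port>\w+): UDP, length (?P<len>\d+)$"
)

def reversed_octets(ip):
    """Dotted quad with its octets in reverse order: 10.11.12.1 -> 1.12.11.10."""
    return ".".join(reversed(ip.split(".")))

def parse(line):
    """Return the fields of one tcpdump line, or None if it is not a UDP summary."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
    return {"ts": ts, "src": m["src"], "dst": m["dst"],
            "port": m["port"], "len": int(m["len"])}

def find_reversed_gateway_beacons(lines, gateways, period=5.0, tolerance=0.5):
    """Group length-1 UDP/80 packets whose dst is the reversed gateway of src.

    Each result reports the packet count and whether consecutive packets
    arrived on the expected period (within tolerance seconds)."""
    hits = {}
    for line in lines:
        pkt = parse(line)
        if not pkt or pkt["port"] not in ("http", "80") or pkt["len"] != 1:
            continue
        gw = gateways.get(pkt["src"])
        if gw is None or pkt["dst"] != reversed_octets(gw):
            continue
        hits.setdefault((pkt["src"], pkt["dst"]), []).append(pkt["ts"])
    results = []
    for (src, dst), stamps in hits.items():
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        periodic = bool(gaps) and all(abs(g - period) <= tolerance for g in gaps)
        results.append({"src": src, "dst": dst, "count": len(stamps), "periodic": periodic})
    return results
```

Feed it `tcpdump -l` output from the host or a span port to see which hosts show the pattern; the gateway map would normally come from DHCP or router configuration rather than being hard-coded.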
