Firewall Wizards mailing list archives

Odd scan to port 36867


From: "SiegeX" <siegex () atozcomp com>
Date: Sun, 14 Nov 2004 18:04:43 -0800

Hi guys, I recently decided to write a simple bash script to go through all my iptables logs and see which ports were
being hit the most. Note that I only logged NEW connections to ports that aren't open on my computer. Here are the top
10 results:

hits  port
 495  36867
  54  1080
  51  6348
  16  1433
  13  6588
  13  3128
   9  4899
   9  3777
   9  3291
   8  8080
   8  3802


As you can see I'm getting an abundance of hits to port 36867, and I've googled and asked on many IRC channels what this
might be about and I've yet to come up with anything. I'm posting on this mailing list in hopes you guys could shed
some light on what's going on here. Below is a sample from my iptables logs so you can see what I'm parsing.

Nov 14 10:51:30 maximus possible_hack IN=eth0 OUT= MAC=00:60:08:11:9d:86:00:0b:23:68:65:fc:08:00  SRC=142.177.185.232 
DST=X.X.X.X LEN=48 TOS=00 PREC=0x00 TTL=103 ID=2881 DF PROTO=TCP SPT=62121 DPT=36867 SEQ=785042995 ACK=0 WINDOW=16384 
SYN URGP=0

Just to make sure that this port is not being hit by one or two different guys, I parsed my logs to see how many unique
IPs were hitting port 36867 and I came up with 173 unique IPs. I'm also one of the beta testers for a new Iptables
module called "geoip" which takes the src/dst IP and does a hash lookup on Maxmind's free ip->country database. This
allows me to do accounting on which countries send me the most packets to unopened ports, and here are the results I've
found after running it for a week:

hits  country
 271  DE
 135  US
  96  FR
  93  CN
  53  KR
  47  BE
  43  GB
  33  MX
  28  NL
  27  IT

As you can see, the majority are coming from Germany (DE), with the US surprisingly in 2nd place with just about half
the hits. I've yet to cross-reference the 173 unique IPs hitting port 36867 to Maxmind's database, but I have a strong
feeling that they are coming from Germany. I hope you guys have a better clue what's going on than I do. Thanks.

-Sean
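A script of the kind the post describes, added here as an example and not Sean's own script: it reads iptables LOG lines, ranks destination ports (DPT) by hit count, and counts distinct source addresses (SRC) per port, which is the "how many unique IPs hit 36867" check from the post. The log lines in sample_log are constructed test data: the first is the sample line quoted above, the others use documentation addresses.

```shell
#!/bin/bash
# Added example: rank destination ports in iptables LOG output and count
# distinct sources per port. sample_log() is constructed test data (first
# line from the post, the rest with documentation-range addresses).

sample_log() {
  cat <<'EOF'
Nov 14 10:51:30 maximus possible_hack IN=eth0 OUT= MAC=00:60:08:11:9d:86:00:0b:23:68:65:fc:08:00 SRC=142.177.185.232 DST=X.X.X.X LEN=48 TOS=00 PREC=0x00 TTL=103 ID=2881 DF PROTO=TCP SPT=62121 DPT=36867 SEQ=785042995 ACK=0 WINDOW=16384 SYN URGP=0
Nov 14 10:52:02 maximus possible_hack IN=eth0 OUT= MAC=00:60:08:11:9d:86:00:0b:23:68:65:fc:08:00 SRC=192.0.2.10 DST=X.X.X.X LEN=48 TOS=00 PREC=0x00 TTL=110 ID=1 DF PROTO=TCP SPT=1025 DPT=36867 SYN URGP=0
Nov 14 10:53:11 maximus possible_hack IN=eth0 OUT= MAC=00:60:08:11:9d:86:00:0b:23:68:65:fc:08:00 SRC=192.0.2.10 DST=X.X.X.X LEN=48 TOS=00 PREC=0x00 TTL=110 ID=2 DF PROTO=TCP SPT=1026 DPT=36867 SYN URGP=0
Nov 14 10:54:40 maximus possible_hack IN=eth0 OUT= MAC=00:60:08:11:9d:86:00:0b:23:68:65:fc:08:00 SRC=198.51.100.7 DST=X.X.X.X LEN=48 TOS=00 PREC=0x00 TTL=52 ID=9 DF PROTO=TCP SPT=3333 DPT=36867 SYN URGP=0
Nov 14 10:55:05 maximus possible_hack IN=eth0 OUT= MAC=00:60:08:11:9d:86:00:0b:23:68:65:fc:08:00 SRC=198.51.100.7 DST=X.X.X.X LEN=48 TOS=00 PREC=0x00 TTL=52 ID=10 DF PROTO=TCP SPT=3334 DPT=1080 SYN URGP=0
Nov 14 10:56:19 maximus possible_hack IN=eth0 OUT= MAC=00:60:08:11:9d:86:00:0b:23:68:65:fc:08:00 SRC=203.0.113.4 DST=X.X.X.X LEN=40 TOS=00 PREC=0x00 TTL=120 ID=77 DF PROTO=TCP SPT=4444 DPT=1433 SYN URGP=0
EOF
}

# Read LOG lines on stdin, print "hits port" for the busiest destination
# ports (default: top 10). Lines without a DPT= field (e.g. ICMP) are skipped.
top_ports() {
  awk '{ for (i = 1; i <= NF; i++)
           if (sub(/^DPT=/, "", $i)) hits[$i]++ }
       END { for (p in hits) print hits[p], p }' | sort -rn | head -n "${1:-10}"
}

# Read LOG lines on stdin, print how many distinct SRC addresses targeted
# the destination port given as $1 (field order does not matter).
unique_sources() {
  awk -v port="$1" '{
    src = ""; hit = 0
    for (i = 1; i <= NF; i++) {
      if (sub(/^SRC=/, "", $i)) src = $i        # sub() returns 1 on a match
      else if ($i == ("DPT=" port)) hit = 1
    }
    if (hit && src != "") seen[src] = 1
  }
  END { n = 0; for (s in seen) n++; print n }'
}

# Demo on the constructed data. On a real host you would feed the lines
# carrying your LOG prefix, e.g.: grep possible_hack <your syslog file> | top_ports 10
sample_log | top_ports 10
printf 'distinct sources hitting 36867: %s\n' "$(sample_log | unique_sources 36867)"
```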
