Security Incidents mailing list archives

[no subject]


From: Wozz <wozz+incidents () WOOKIE NET>
Date: Fri, 9 Feb 2001 15:32:42 -0700

Any idea what would generate the following alerts?  I don't think it's just
nmap and I'm trying to figure out what they're trying to accomplish:

[**] IDS28/probe-nmap_tcp_ping [**]
02/09-09:19:12.942288 0:B0:4A:9B:D0:38 -> 8:0:20:C2:1A:58 type:0x800 len:0x3C
194.133.58.129:80 -> a.b.c.42:53 TCP TTL:51 TOS:0x0 ID:13740 IpLen:20 DgmLen:40
***A**** Seq: 0x1BF  Ack: 0x0  Win: 0x578  TcpLen: 20

[**] IDS7/SourcePortTraffic-53-tcp [**]
02/09-09:19:12.942337 0:B0:4A:9B:D0:38 -> 8:0:20:C2:1A:58 type:0x800 len:0x3C
194.133.58.129:53 -> a.b.c.42:53 TCP TTL:51 TOS:0x0 ID:13741 IpLen:20 DgmLen:40
******S* Seq: 0x6ACADDF  Ack: 0x0  Win: 0x578  TcpLen: 20

What I'm curious about is why the change in source ports on the
probing system.  I'm seeing this from several different sources (8
to be exact), so it's obviously some widespread tool that's being
used.  Any idea what it might be?  It seems to be targeting two
of our whois-listed DNS servers.
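Added here as a worked example (not code from the post or the list): a small Python correlator that parses Snort alert blocks in the format quoted above and flags the two-step pattern the poster describes, a bare-ACK probe followed within a short window by a SYN from source port 53 to port 53 from the same host against the same target. The 500 ms window is an assumed threshold, and the sample input is the two alerts from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the two Snort alert blocks quoted in the post, verbatim.
SAMPLE_ALERTS = """\
[**] IDS28/probe-nmap_tcp_ping [**]
02/09-09:19:12.942288 0:B0:4A:9B:D0:38 -> 8:0:20:C2:1A:58 type:0x800 len:0x3C
194.133.58.129:80 -> a.b.c.42:53 TCP TTL:51 TOS:0x0 ID:13740 IpLen:20 DgmLen:40
***A**** Seq: 0x1BF  Ack: 0x0  Win: 0x578  TcpLen: 20

[**] IDS7/SourcePortTraffic-53-tcp [**]
02/09-09:19:12.942337 0:B0:4A:9B:D0:38 -> 8:0:20:C2:1A:58 type:0x800 len:0x3C
194.133.58.129:53 -> a.b.c.42:53 TCP TTL:51 TOS:0x0 ID:13741 IpLen:20 DgmLen:40
******S* Seq: 0x6ACADDF  Ack: 0x0  Win: 0x578  TcpLen: 20
"""

HDR = re.compile(r"\[\*\*\] (?P<sig>.+?) \[\*\*\]")
IPL = re.compile(r"^(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) TCP .*\bID:(?P<ipid>\d+)")

def parse_alerts(text):
    """Parse Snort 'full' alert blocks into dicts holding the fields we correlate on."""
    out = []
    for block in text.strip().split("\n\n"):
        sig_line, ts_line, ip_line, tcp_line = block.splitlines()
        ip = IPL.match(ip_line).groupdict()
        out.append({
            "sig": HDR.match(sig_line).group("sig"), "src": ip["src"], "sport": int(ip["sport"]),
            # no year in the log: strptime defaults to 1900, and only time deltas are used
            "time": datetime.strptime(ts_line.split()[0], "%m/%d-%H:%M:%S.%f"),
            "dst": ip["dst"], "dport": int(ip["dport"]), "ipid": int(ip["ipid"]),
            # Snort prints the 8 TCP flag positions (12UAPRSF) with '*' for unset bits
            "flags": set(tcp_line.split()[0].replace("*", "")),
        })
    return out

def find_probe_pairs(alerts, window=timedelta(milliseconds=500)):
    """Bare-ACK ping followed within `window` by a SYN sport 53 -> dport 53, same src/dst."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a)
    hits = []
    for src, evs in by_src.items():
        evs.sort(key=lambda a: a["time"])
        for ack, syn in zip(evs, evs[1:]):
            gap = syn["time"] - ack["time"]
            if (ack["flags"] == {"A"} and syn["flags"] == {"S"} and ack["dst"] == syn["dst"]
                    and syn["sport"] == 53 and syn["dport"] == 53 and timedelta(0) <= gap <= window):
                hits.append({"src": src, "dst": syn["dst"], "gap_us": gap // timedelta(microseconds=1),
                             "ipid_delta": syn["ipid"] - ack["ipid"]})  # consecutive IP IDs: same sender stack
    return hits
```

On the post's two alerts this reports one hit 49 microseconds apart with an IP ID delta of 1, which is the clue that a single tool emitted both packets back to back.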
