33270:trinity connection form port 80 to local machine on port

[Bradley Filmer <bfilmer () ims telstra com au>]

I am curious as to what this might be, I am seeing hits in my iptables
logs after visiting certain websites.. mainly 

Oct 29 09:26:15 stealth kernel: IN=eth0 OUT= MAC= "long number"
SRC=64.28.67.70 DST=my.adr.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=46
ID=16970 DF PROTO=TCP SPT=80 DPT=33270 WINDOW=15180 RES=0x00 ACK SYN
URGP=0
This is netbsd.org

Oct 30 11:35:47 stealth kernel: IN=eth0 OUT= MAC= "long number"
SRC=64.58.76.98 DST=my.adr.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=48
ID=9741 DF PROTO=TCP SPT=443 DPT=33270 WINDOW=16560 RES=0x00 ACK SYN
URGP=0
This is yahoo groups.

Oct 31 09:01:41 stealth kernel: IN=eth0 OUT= MAC= "long number"
SRC=204.152.186.171 DST=my.adr.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=51
ID=23555 PROTO=TCP SPT=80 DPT=33270 WINDOW=32768 RES=0x00 ACK SYN URGP=0
This is mysql.org

Always 5 hits and I cant tell you how long after. I have checked port
33270 trinity on my machine and the local subnet for the trinity ddos
with nothing found. 
Is this just a false negative or am I seeing something more ominous....

Cheers for any inforamtion re-assurance
-- 
Bradley Filmer
Looking for paranoia in all the right places



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com