LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 09-05-2007, 08:15 PM   #1
Bryan88
LQ Newbie
 
Registered: Dec 2006
Location: NY
Distribution: Ubuntu
Posts: 21

Rep: Reputation: Disabled
Mysterious firewall port connection.


I use DHCP from my ISP. The IP address that I currently have is getting bombarded (about 1/sec.) for incoming port 60661 (UDP) from different domain addresses around the world. What gives??? Is this a true attack or people trying to connect to a server that used to use this address???

Can someone explain what is causing me to get so many calls to the same port? What is port 60661 used for?

Thanks,
Bryan
 
Old 09-05-2007, 10:05 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
What source port do the packets have? 60661 is an ephemeral port, so it's gonna be pretty tough to determine, by destination port number alone, what service they are attempting to reach (not that a source port would magically clear things up either). Could you post a few sample lines from your firewall log, tcpdump output, etc?

With the info we have so far, this could be anything - even something as harmless as transmissions to a Limewire servent that the previous user of your IP had running. There also isn't any breakout targeting that port at the time of this post, FWIW.

Last edited by win32sux; 09-05-2007 at 10:56 PM.
 
Old 09-06-2007, 06:02 AM   #3
Bryan88
LQ Newbie
 
Registered: Dec 2006
Location: NY
Distribution: Ubuntu
Posts: 21

Original Poster
Rep: Reputation: Disabled
More info. on the packets.

The packets to incoming port 60661 (UDP) come at exactly 1 second intervals from each different IP address sending them. They all originate from port 63406 on the other machines. I am not running any services behind that port (or any but sshd for that matter), so the packets are being silently dropped (but the rate of these packets isn't slowing down even after many hours/renewals of leasing the same IP address.)

Guess it may be internet "noise".

Thank you for the breakout link suggestion.

Thanks,
Bryan
 
Old 09-06-2007, 05:15 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Well, the reason I asked if you could post your tcpdump output was so that perhaps someone could tell you with certainty what kind of traffic it was. I'm not sure I'd call it noise at this point; I suspect it is more related to something the previous IP user was doing. In any case, it's good your firewall is sending the packets to DROP; perhaps you should add a DROP rule for these specific packets so that they don't clutter your log file. That is, assuming you are currently using a LOG rule at the end of the chain, before the policy.

Last edited by win32sux; 09-06-2007 at 05:17 PM.
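
Added example, not part of any post in this thread: a short Python script that groups iptables LOG lines by protocol and port pair, measures the per-source packet interval, and prints a DROP rule for the repetitive flow so it is matched before a trailing LOG rule. The log layout, the sample addresses, the assumed year and the `min_sources` threshold are assumptions; only UDP ports 63406 and 60661 come from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the usual iptables LOG (kernel syslog) layout.
# Addresses are documentation ranges; only the two UDP ports come from the thread.
SOURCES = ["203.0.113.5", "198.51.100.23", "192.0.2.77"]
SAMPLE_LOG = "\n".join(
    f"Sep  6 05:00:0{sec} host kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.10 "
    "LEN=48 TTL=49 PROTO=UDP SPT=63406 DPT=60661 LEN=28"
    for sec in (1, 2, 3) for src in SOURCES
) + ("\nSep  6 05:00:02 host kernel: IN=eth0 OUT= SRC=198.51.100.99 "
     "DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN")

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*?SRC=(\S+) .*?PROTO=(\w+) SPT=(\d+) DPT=(\d+)")

def summarize(log_text, year=2007):
    """Per (proto, sport, dport): source count, packet count, median per-source gap in seconds."""
    seen = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an iptables LOG line
        stamp, src, proto, spt, dpt = m.groups()
        # Syslog stamps carry no year, so one is assumed for parsing.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        seen[(proto, int(spt), int(dpt))][src].append(when)
    report = {}
    for flow, by_src in seen.items():
        gaps = []
        for stamps in by_src.values():
            stamps.sort()
            gaps += [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[flow] = {"sources": len(by_src),
                        "packets": sum(len(s) for s in by_src.values()),
                        "median_gap": median(gaps) if gaps else None}
    return report

def drop_rules(report, min_sources=3, chain="INPUT"):
    """DROP rule for each port pair hit repeatedly by at least min_sources sources.
    -I inserts at the head of the chain, i.e. ahead of a trailing LOG rule."""
    return [f"iptables -I {chain} -p {proto.lower()} --sport {spt} --dport {dpt} -j DROP"
            for (proto, spt, dpt), s in report.items()
            if s["sources"] >= min_sources and s["median_gap"] is not None]

if __name__ == "__main__":
    for rule in drop_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

The single SSH probe in the sample is left alone, so it still reaches the LOG rule.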
 
All times are GMT -5. The time now is 08:01 PM.