a funny thing happened at work just a little while ago. one of our client's had their machine compromised by a host originating in brazil. heavy traffic was being pushed on port 1501, which is the "satellite data acquisition system" port.
granted, anyone with half a brain can configure a daemon to listen on a specific port, but that just shook me up. it also makes me think about the how's and when's of involving local or federal authorities when working on network abuse issues. most times, they won't care... but... satellite data acquisition? huh?