Anonymous 03/26/2019 (Tue) 04:41:55 No.20211 del
Are those nothing but TCP SYN/ACKs or are they followed by an HTTP GET or POST? Do the web logs show a corresponding spike? If there's nothing in the web logs, that could be bots trying to DOS by chewing up port numbers.