port 56398

I haven't seen any reports on attacks using the 56398 port as yet.

There is a possibility that they might have been performing some tests on your firewall using a random port;

Well that site that I happened to find has a client that pings servers on that port via UDP. Thats about the interesting information I could figure. If it goes on I recommend you give the administrative contact a call. Thats usually the best way to figure these things out. Especially if he's got some sort of loose cannon.


Cheers

I ran into the same "problem". In my case, Someone behind my firewall was tracking stock quotes with Lycos QCharts. I opened the outgoing port on my firewall, but began to notice alarms on the untrust (public) interface. For some reason, some of the UDP packets intended for the NATed individual using QCharts get eaten by my firewall as well. QCharts continues to work just fine on the client workstation despite the alarms. I chalk it up to a poor implementation of QCharts (perhaps session info is getting garbled) and filter them in my logs.