If there is nothing there then why are you permitting traffic there in the access-list ?
If it is trafic destined for nowhere block it as soon as possible,
Any TCP port can be any service so the fact that it is on port 6667-6669 does not mean that it is a certain software, that said, my guess would be IRC. But untill you set up a listner there is no way to know that for sure.
Most likely there have been something there at some point in time that you are seeing residue traffic from.
If you do not use it then block it.
If someone would setup a server there then this access-list would let through all kinds of traffic to that server.
The best way to do it is block everything let desired traffic through.
Now I do understand that in some (many) cases that is not possible and you have to resort to blocking traffic you know is undesired. But it puts you in a worse situation that you would have to be in untill you sorted out what is your desired traffic.
If you want to know what is going on on the outside of your interface i would setup a switch there and setup a SPAN port and start sniffing to see what is going on on the incoming and outgoing traffic.
The sniffer will tell you loads more than what the access-list will do.
Another good part of this would be that incase there is a problem that gets known with the router (in this case) you are (in many cases) able to block that type of traffic incomming in the switch with access-lists in the switch.
It is in some cases possible to setup a sniff in the router, but I prefer a span port.
This is just pure spculation since we do not have all the information.
Most likely it is a remnant of something that was there at some point in time. fx a IRC server.
IF not then it can be that it is a error someone have set up a server somewhere that have have a typo.and misspelled an ip address or it could be that someone misspelled a DNS record somewhere and that is pointing to your server.
There is no way of knowing that until you investigate and that means that you must setup something that answers so that you can se what the traffic is and sniff it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...