NIS is not blocking traffic from IP 209.141.206.119

Hi,

I configured the NIS firewall to block all traffic to and from the IP 209.141.206.119 but when I capture Wireshark, I still the a lot of traffic from the IP to my server.

According to the info on Wireshark, the Length is 82, the Info is Source port: avt-profile-1 Destination port 28332. Please see the attachment for detail.

I tried to look up for the IP and found this IP from Cik Telecom Inc in Canada. The port 28332 is an unassigned port.

Could anyone advice if this is a type of attack/hack/spy?

I see this is an one way traffic (only originate from the IP, my server does not respond to it).

Thank you.

--