Using nmap for udp scanning, I commonly come across hosts such as this:

root@source# nmap -sU -P0 -T Aggressive -F target

Interesting ports on target:
(The 1004 ports scanned but not shown below are in state: filtered)
PORT    STATE SERVICE     VERSION
67/udp  open  dhcpserver
123/udp open  ntp
161/udp open  snmp
162/udp open  snmptrap