noone can be sure that it is coming from outside. Since you did blocked
in for any rfc-1918 range of addresses, the very best guess is somebody
*inside* your own lan. Remember: your worst enemy is the one you have
inside (even inside yourself, btw).
Try to track it with tcpdump (difficult) or iptraf. Also you can try to
ping this ip just now, to see if it is alive.
The next worst thing is someone from outside, sitting in a remotely
controled inner box.
> Hi !
> I use snort for IDS ans Today, i have been been scan from host
> 192.168.100.100, but in my network, i don't use this ip :(
> I have block ip spoofing ...
> How can a user from external take an internal ip adress ? And how can i
> block that ?
Irado Furioso com Tudo
Linux (SuSE) User 179402
se abrirem as portas de *todas* as pris?es, os roubos ainda ser?o em
menor volume do que os de nossos polticos. Na verdade, mal
perceberamos a diferen?a (think about)!.