Log entry

["Scott Taylor" <scottt () soccer com>]

I was wondering if anyone could help me decipher 
this log entry. Or direct me to some place that 
could:

Feb 26 08:13:09 GENESIS1 kernel: IN= OUT=eth0 
SRC=(me)xxx.xxx.xxx.xxx DST=(outside)
aa.aa.aaa.aaa LEN=106 TOS=0x00 PREC=0xC0 TTL=255 
ID=38386 PROTO=ICMP TYPE=3 CODE=3 [SRC=(outside)
aa.aa.aaa.aaa DST=(me)xxx.xxx.xxx.xxx LEN=78 
TOS=0x00 PREC=0x00 TTL=112 ID=20908 PROTO=UDP 
SPT=1046 DPT=137 LEN=58 ]

I'm using iptables. I know OUT=eth0 is where the 
packet got dropped SRC=(me) is my external if. 
DST=(outside) is someone else. Why is there a 
second set of SRC and DST? the braketed part? 
[SRC=(outside) DST=(me) PROTO is UDP and source 
port is 1046 destination port is 137]

Now I know 137 is a window port. I guess I'm 
confused as to who generated the packet. Me or 
The outside IP, because the first source says 
it's me, and the second say's its the outside.

Is this a spoofing type attack perhaps?

Thanks for any input. 

Cheers,
Scott.
NOTE: I didn't post the IP's this time ;)

THERE IS ONLY ONE... 
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users