Ok I have one of my PIX boxes dropping logs to a Symantec SIM box which we are doing an eval on.
While scanning through what the SIM presented to me I came across the following log entry which is a bit of a head scratcher:
IP address 0.1.0.4 has directed a denial of service exploit event at 0.1.0.4.
I did some quick googling on that IP address and found RFC 3330, and a few references to people seeing this exact same IP. One of them was in a snort log, the other "big" hit was from someone seeing this IP assigned to a Logitech webcam.
Anyone seen this before? Any ideas what it could be about?