Thanks for this info, I was unaware someone or a worm could spoof themselfs to look like my network. Im sure glad they are being dropped then. It dose not make sence however why the port scans are being alowed.

tracert on 208.254.46.52 reported belonging to a uunet, my isp owns 24.100.0.0 - 24.102.255.255, I think the port scans are external, it concerns me that these scans are being permited.

I finaly downloaded adobe acrobatic reader, which is why I was unable to read the paper from sans last night discribeing the local loopback reports, but I think I am understanding now. So realy there is nothing I can do then since it is not belonging to my network, corect?

Thanks for all the help.