Jul 26 03:57:45 XXXX: security_checkIN= OUT=eth0 SRC=192.168.XX.XX DST=67.XXX.102.167
/\ /\
| |
MY WAN Possible Intruder
(lots of ISP routing)

LEN=106 TOS=0x00 PREC=0xC0 TTL=255 ID=63974 PROTO=ICMP TYPE=3 CODE=1 [SRC=67.XXX.102.167 DST=192.168.XX.XX
/\ /\
| |
Same Intruder IP IP Of Machine on LAN behind firewall

LEN=78 TOS=0x00 PREC=0x00 TTL=118 ID=40343 PROTO=UDP SPT=137 DPT=137 LEN=58 ]

100% Microsoft Network Behind Firewall

Netfilter.org will probably not answer email on setting up Iptables, but i do not see this as a setup issue. I will email them and if I get a response within a reasonable amount of time, I will post the answer.

Thanks

wow, that didnt work! let me clarify that jumbled mess...
The first 192. IP after eth0 is my WAN address. The 67.XX.... IP is the possible intruder (which always comes from some home broadband network, damn cable modems!) The second 192. address is a machine behind firewall on my LAN. If the brackets were not there, including the information between the brackets, it would simply look like I was pinging the 67.XX address. It instead looks like someone pinged the firewall and then tricked it into pinging a machine on the LAN. I have never done something like that so I dont know. I do know that there are some stealth modes on programs like NMAP that might be able to do this, though I have never tried.

that was a bad attempt at an ASCII illustration. I worked in theory ;-)