Hi Douglas,

 DC> hm then it could be a system in my isp's group.
 DC> or someone with a misconfigured system just about anywhere.

IMHO, anyone presenting 10.xxx.xxx.xxx (or any other of the
"public" address ranges) as the SOURCE IP address on the PUBLIC
internet these days has a 99% chance of doing only one thing, attempting to
spoof traffic, probably for very negative purposes...

Any decent Firewall that detects such a source IP address comming from a
Public Internet connection should drop the packet immediately (unless
specfically configured to allow it). Note that there may be situations
where a large organisation or an ISP uses such an adress WITHIN their own
network, however either side of those "public" addresses there
are conventional "private" Internet addresses. IE -

            |----- Within ISP environment ------|
   Pubip === Pubip == Prvtip === Pvtip === Pubip == pubip

This is sometimes done for delivery of bulk consumer grade services, EG
DSLAM or Cable feeds (my own DSL connection passes THROUGH such an
address). It does allow a measure of control over traffic flows, because
such an address is not publically routeable, therefore it can help prevent
an external source from injecting unwanted traffic at a "potentially
vulnerable" point within a network. Remember, the internet is a
network of networks...

Cheers...........pk.


--- Maximus/2 3.01