[Snort-users] Strange portscan traffic with dest of 169.254.x.x

For the past couple of days, I have been seeing some very strange portscan 
traffic coming from internal addresses and going to the internet.  The Snort 
box I have been getting these alerts on is sitting just behind our Internet 
firewall.  I have attached a screenshot of the alert.

It's odd for a couple reasons.  First, why is 169.254 traffic even getting 
routed to our external firewall.  This is probably something I need to discuss 
with our network admin.  That just seems weird to me.  Second, if I am reading 
the alert correctly, it looks like the computer is scanning itself for NetBIOS 
and SMB ports.  I was just wondering if anyone else has seen anything like this.

AG



      
____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

169.gif
Description: GIF image

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users