ummm are you sure that is not coming from your internal network ?

Without looking back and reading it, I think RFC 1918 states that they won't be routable as a destination. But if they are spoofed, they could without a doubt show up in your logs as a source address.

Correct me if I'm wrong as I've never been a big one for plowing through RFCs.

Don

Don is correct. This can be solved by using a stateful firewall that does sanity checks on the data packets going through it.

I am not very familiar with Comodo. At home I have Zone Alarm installed on Windows, and an access list on my router. At work I sometimes (rarely) use Sygate, but not for protection, but rather for session analysis.

Back in my old job (until 2006) I used to work with commercial firewalls on a daily basis. Check Point and Fortigate were definately the best I worked with. I must admit that since then I haven't touched a firewall. 

Thanks for the reply.  I just started using Comodo at home on a box.  I am finding I like it actually.  I've used the Zonealarm free firewall for years, but the Comodo seems even easier to set up, and it come with a built in registry lock.  I like that.  I still haven't decided if I want to take a PIX firewall course, or just start doing some study on my own with some open source firewalls. 

On kind of a side note, Snort is doing a 4 day bootcamp/training gig up here in Seattle in September... and they're going to have some of their snort certs available after.   Any of you taken any of their Certs, or know if they're even recognized and useful?  I'm probably going to take the course just to give me a quick jumpstart into IDS/IPS, since I want to set some of that up at my office.