Security Basics mailing list archives

ICMP/UDP flood


From: Bill Burgos <wjburgos () white-bear-productions com>
Date: Thu, 06 May 2004 10:58:53 +0900

Greetings Security Focus,

I recently have been receiving log messages from my router with the
following message:

2004-05-02 00:40:03 - ICMP Flood - Source:192.168.X.XX ,0,LAN - Destination:2XX.2XX.XX.X,0,WAN

also:

2004-05-06 10:25:27 - UDP Flood - Source:192.168.X.XX ,45544,LAN - Destination:2XX.2XX.XX.X,53,WAN


The Source is coming from my firewall box (192.168.X.XX) and the
Destination is a DNS server on the Internet (2XX.2XX.XX.X).

I have grepped the logs from internal machines and the firewall for the
DNS server address with no results.

My setup:

Internet
   |
Router
   |
---------------
|             |
Firewall   DMZ server (web server)
|
LAN

The Router is a Planex, the firewall is a PC running RedHat 7.2, the DMZ
is Debian.

The other LAN machines are a combo of Linux and one Windows machine, all
behind the firewall. The messages started while I was out of the house
and the Windows machine was offline.

My questions are:

Should I be worried about this?

If the flood is coming from the firewall, is it compromised? Can I
verify it in a log?

Any ideas would be a great help.

Thanks in advance

Bill
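A small triage script for the router's flood entries, added here as an illustration and not something from the post or the Planex device: it parses lines in the quoted format, tags each one by direction and by whether the firewall's own LAN address is the source, and counts repeated source/destination pairs so the outbound-to-port-53 entries the post describes stand out from everything else. The firewall address and the log lines are constructed placeholders.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample lines in the format of the router log quoted in the post.
# Addresses are documentation-range placeholders, not the poster's real hosts.
SAMPLE_LOG = """\
2004-05-02 00:40:03 - ICMP Flood - Source:192.168.1.10 ,0,LAN - Destination:203.0.113.5,0,WAN
2004-05-06 10:25:27 - UDP Flood - Source:192.168.1.10 ,45544,LAN - Destination:203.0.113.5,53,WAN
2004-05-06 10:25:29 - UDP Flood - Source:192.168.1.10 ,45545,LAN - Destination:203.0.113.5,53,WAN
2004-05-06 10:26:01 - UDP Flood - Source:198.51.100.7 ,1024,WAN - Destination:192.168.1.20,80,LAN
not a flood line: the parser must skip it
"""

FIREWALL_IP = "192.168.1.10"  # assumed LAN-side address of the firewall box

# Matches "<ts> - <ICMP|UDP> Flood - Source:<ip> ,<port>,<zone> - Destination:<ip>,<port>,<zone>";
# \s* tolerates the stray space before the source port seen in the router output.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - (?P<kind>\w+) Flood - "
    r"Source:(?P<src>[\d.]+)\s*,(?P<sport>\d+),(?P<szone>\w+) - "
    r"Destination:(?P<dst>[\d.]+)\s*,(?P<dport>\d+),(?P<dzone>\w+)$"
)

def parse_line(line: str) -> Optional[dict]:
    """Parse one router log line; None for lines not in the flood format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def classify(ev: dict, firewall_ip: str = FIREWALL_IP) -> str:
    """Tag an event by direction and by whether the firewall itself is the source."""
    if ev["szone"] == "LAN" and ev["dzone"] == "WAN":
        if ev["src"] == firewall_ip:
            # The firewall is the source; port 53 means the target is a DNS service,
            # which is where the post's UDP entries point.
            return "firewall-to-dns" if ev["dport"] == 53 else "firewall-outbound"
        return "lan-outbound"
    return "inbound"

def triage(log_text: str, firewall_ip: str = FIREWALL_IP) -> Counter:
    """Count events per (tag, kind, src, dst) so repeated pairs stand out."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            counts[(classify(ev, firewall_ip), ev["kind"], ev["src"], ev["dst"])] += 1
    return counts
```

Run `triage(open("router.log").read())` against the real export and compare the firewall-sourced counts with the firewall's own connection-tracking or resolver logs for the same timestamps; a pair the router reports that the firewall never logged is what to follow up on.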
