I am looking at these sorts of things as well:
IN=eth0 OUT=eth1 SRC=129.250.200.121 DST=x.y.z.56 LEN=96 TOS=0x00 PREC=0x00 TTL=243 ID=32285 PROTO=ICMP TYPE=11 CODE=0 [SRC=x.y.z.56 DST=88.198.155.41 LEN=28 TOS=0x10 PREC=0x60 TTL=1 ID=1968 PROTO=UDP SPT=50131 DPT=6528 LEN=8 ]
x.y.z.56 is a disused address in our netblock assignment. So whatever this is it is not legit. Does anyone recognize this?