Recently set up mail alerting on a remote Vigor 2860. This has been working well and I have been receiving periodic notifications of the expected nuisance port scans etc. being detected & blocked - nothing of concern. However, I have also received a few alerts that look something like this:
Code:
2024/11/24 17:22:29 -- [DOS][Block][icmp_flood, timeout=10, state:1][10.247.176.102->10.215.199.196][ICMP][HLen=20, TLen=56, Type=11, Code=0]
The strange bit is the IP addresses involved here. Obviously these are in the 10.0.0.0/8 private address range, which is odd, as I would expect ICMP floods to come from the WAN. What is even more confusing is that none of the LANs on this device use these ranges. All LANs set up on this router are in the 192.168.0.0/16 block, and there are two additional /24 networks connected via LAN-To-LAN VPN, which are in the 10.0.0.0/8 block, but nowhere near the address ranges seen in the above log entry.
I have noticed that these logs seem to be generated when the premises is occupied, e.g. there are a few more devices connected than just an NVR, wireless AP and security system. (Perhaps a PC and a phone or two).
Would be interested to figure out what is generating these logs.
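
One way to triage alerts like the one quoted above (an added example, not part of the original post): it parses the line, checks both addresses against the networks the post describes, and decodes the ICMP fields. The two VPN /24s are constructed placeholders, and reading HLen/TLen as IP header length and total packet length is an assumption.

```python
import ipaddress
import re

# 192.168.0.0/16 is from the post; the VPN /24s are not given there,
# so the two below are constructed placeholders.
KNOWN_NETS = {
    "LAN": ipaddress.ip_network("192.168.0.0/16"),
    "VPN-A (placeholder)": ipaddress.ip_network("10.0.1.0/24"),
    "VPN-B (placeholder)": ipaddress.ip_network("10.0.2.0/24"),
}
# ICMP types per RFC 792. Error types are replies to some earlier packet.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect",
              8: "Echo Request", 11: "Time Exceeded", 12: "Parameter Problem"}
ICMP_ERRORS = {3, 5, 11, 12}

ALERT_RE = re.compile(
    r"\[DOS\]\[(?P<action>\w+)\]\[(?P<rule>\w+),[^\]]*\]"
    r"\[(?P<src>[\d.]+)->(?P<dst>[\d.]+)\]\[ICMP\]"
    r"\[HLen=(?P<hlen>\d+), TLen=(?P<tlen>\d+), "
    r"Type=(?P<type>\d+), Code=(?P<code>\d+)\]")

def locate(addr):
    """Name the configured network an address belongs to, if any."""
    ip = ipaddress.ip_address(addr)
    for name, net in KNOWN_NETS.items():
        if ip in net:
            return name
    return "unknown private range" if ip.is_private else "public"

def triage(line):
    """Parse one DoS alert line; return None if it does not match."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    hlen, tlen, itype = int(m["hlen"]), int(m["tlen"]), int(m["type"])
    return {
        "rule": m["rule"], "action": m["action"],
        "src_net": locate(m["src"]), "dst_net": locate(m["dst"]),
        "icmp": ICMP_TYPES.get(itype, f"type {itype}"),
        "is_error_reply": itype in ICMP_ERRORS,
        # Assumes HLen = IP header, TLen = total length; ICMP header is 8 bytes.
        # 28 left over = quoted 20-byte IP header + 8 bytes of the original packet.
        "icmp_payload_bytes": tlen - hlen - 8,
    }

# The alert line from the post.
SAMPLE = ("2024/11/24 17:22:29 -- [DOS][Block][icmp_flood, timeout=10, state:1]"
          "[10.247.176.102->10.215.199.196][ICMP][HLen=20, TLen=56, Type=11, Code=0]")

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For the quoted alert this reports both addresses as outside every configured network and the packet as an ICMP Time Exceeded error message with a 28-byte payload, the size of a standard RFC 792 error body.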