The Cable Modem service here (Road Runner) uses addresses in the "private" address space to pass LOCAL control info around it's system for its routers', bridges, etc. They use addresses in the 10.XXX.YYY.ZZZ range here. That "could" be an explaination. That keeps the "real" internet addresses for their "users".
Another possibility is that someone on your segment is using this address range for their LAN and it is leaking out. Private addresses are NOT supposed to be routable, but I suppose that "rule" starts at the first router / server, which is probably servicing several customers in your area. You might be interested in visiting http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html . I did a little snooping there and on some of its links and found out that port 1015 is commonly used by the "DOLY" Trojan...a Windows trojan. The info I found was at http://www.simovits.com/trojans/trojans.html , which is linked from the first page. LOTS of interesting info there.... Cheers, -Don Spoon-
