is 192.168.6.103 an address used within your network ? If so, you should be able to track it down. If not, there is only one way for somebody who is not authorized to use that internal address, and that is by means of spoofing the address. Try and configure th anti-spoofing access list below on your edge router interface, that is, on the interface(s) connecting you to the outside world:
ip access-list standard PRIVATE_ADDRESS_SPACE
deny 10.0.0.0 0.255.255.255
deny 172.16.0.0 0.15.255.255
deny 192.168.0.0 0.0.255.255
Apply the access-list inbound to your edge interface:
In my experience if the access list has permits and denys that look at specific ports then the log messages will report the port number. But if the access list just permits or denies by protocol (but does not specify a port) then the log message will have 0 (as yours does).
So if your access list were to be something like this:
permit ip 10.10.0.0 0.0.255.255 172.16.0.0 0.0.255.255
permit ip 10.10.0.0 0.0.255.255 192.168.1.0 0.0.0.255
It is not quite the difference that I expected, but I believe what you have posted is consistent with my idea. Access list 100 does not look any deeper than the IP addresses (does not examine any port numbers) and does not report port numbers. Access list 150 does look deeper into the packet than just the address when it has:
access-list 150 deny icmp any any echo log
access-list 150 deny icmp any any echo-reply log
Since it is looking deeper than just the address it can report the port number. If you add something in access list 100 that looks deeper into the packet I believe that access list 100 will begin to report port numbers.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...