Netware 6.5 SP7

I am trying to help another tech with an issue that she has spotted in the
Apache logs on some of her servers. The basic problem is that she is seeing
external IP addresses in the log files. I have noticed that each time there
is a 406 code in the access log, there is a corresponding
HTTP_REQUEST_ENTITY_TOO_LARGE.html.var error in the error log. Below is an

Access Log - - [05/Nov/2008:09:11:25 -0700] "POST /ipp/PrinterName
HTTP/1.1" 406 -

Error Log
[Wed Nov 05 09:11:25 2008] [error] [client] no acceptable
variant: SYS:/Apache2/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var

The servers in question are all file and print servers that should not be
communicating with the outside world. I had one of our network techs check
the firewalls and he reports that the servers are all behind firewalls and
that no holes have been punched in those firewalls. We've run a WildPackets
capture and do not see any packets that are actually leaving our network.
So we are thinking that there might be some infected machines within the
network that are generating this traffic and that the external IP addresses
are being spoofed, or we are chasing shadows. We are in the process of deep
scanning the client machines that use these servers but have not found
anything yet. It is starting to look more like we are chasing shadows.

I know virtually nothing about Apache and so I am basically at the end of my
rope here. Has anyone else seen anything like this?

Any suggestions will be greatly appreciated.