I have been monitoring the BM ippktlog files and keep finding an internal
computer with a strange name that constantly sends icmp requests, and
then the servers will next send port 53 requests to each other. This
seems to be a continual pattern through the logs. The pc has an address
with a "vpn" in the name, and we do not have a vpn in place. Is it
possible that someone has attached to our server and and accessing out
internet internally? I had previously blocked port 445 with stopped a
lot of spam mail that was coming through, now suddenly this pattern has
started. I previously bound several accesses to port 901 on the logs so
I blocked this port also. This shortly after I discovered this computer
sending the icmp requests. Is there a way I can track this to find out
is a user has anonymously set himself up as a transparant supervisor on a