My ISP keeps nagging me that there is a alot of traffic outbound via a few ports hitting SE Asia. One culpirt I found was someone using sharaza downloading. So that has been taken care of. The other is I get multiple reuqests outbound on port 53 to many of these sites. I use a barracuda for all internal email then spam sentinal as a backup and an Netvanta firewall for the rest, The problem lies in the logs of the netvanta.
I attached a screen shot. The Barracuda is the .80 and the nat is obviously the firewall. Can someone tell me how to stop this or find out who internal has a worm or bot sending this out.