I am new to this so please bear with me...
Our DSL provider has notified us that our small company network accounts
for almost 4% of the nameserver traffic for our region. They suspect that
we are an open relay or are generating many NDS messages due to the large
volume of spam we are getting.
Using Ethereal (I'm new to this and realize I can get lost in all the data
it provides) I do see a WHOLE BUNCH of NBNS traffic that is being broadcast
from our gateway/proxy server (NT4) for some really bizarre domain names.
This obviously is not good. How can I tell if this traffic is being
generated by the proxy server or if the requests are coming from another
machine on the network and then being "re-sent" by the proxy?
Does this make sense?