So I'm looking at the traffic logs for our router, and I found
something odd. Every morning at 2am until 3:45am there's a consistent
load of traffic coming from somewhere on the LAN to one of the machines
in the DMZ.

I'm still looking into trying to figure out which machines are the
sender and receivers. But in the process of looking into it, I found
on BOTH of the two servers in the DMZ sections in their
/var/log/messages like this:

Sep 4 03:33:39 webserve smbd[10943]: [2006/09/04 03:33:39, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:33:39 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.bat
Sep 4 03:33:39 webserve smbd[10943]: [2006/09/04 03:33:39, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:33:39 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.cmd
Sep 4 03:33:39 webserve smbd[10943]: [2006/09/04 03:33:39, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:33:39 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.exe
Sep 4 03:33:39 webserve smbd[10943]: [2006/09/04 03:33:39, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:33:39 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.com
Sep 4 03:33:39 webserve smbd[10943]: [2006/09/04 03:33:39, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:33:39 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.pif
Sep 4 03:33:39 webserve smbd[10943]: [2006/09/04 03:33:39, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:33:39 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.lnk
Sep 4 03:36:04 webserve smbd[10943]: [2006/09/04 03:36:04, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:36:04 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.bat
Sep 4 03:36:04 webserve smbd[10943]: [2006/09/04 03:36:04, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:36:04 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.cmd
Sep 4 03:36:04 webserve smbd[10943]: [2006/09/04 03:36:04, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:36:04 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.exe
Sep 4 03:36:04 webserve smbd[10943]: [2006/09/04 03:36:04, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:36:04 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.com
Sep 4 03:36:04 webserve smbd[10943]: [2006/09/04 03:36:04, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:36:04 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.pif
Sep 4 03:36:04 webserve smbd[10943]: [2006/09/04 03:36:04, 0]
smbd/service.c:make_connection(1102)
Sep 4 03:36:04 webserve smbd[10943]: designer04 (192.168.0.18)
couldn't find service printprep.lnk

Now, "printprep" is actually two things: There's a shared (SAMBA)
folder on one of the two servers named "printprep" and there's a Web
page named printprep.php, both of which that employee on PC
"designer04" uses.
What in the world is causing that one out of several Windows XP PCs to
spam the Fedora Core 5 servers for two minutes each day with these
make_connections for files that don't exist?

I don't know if this is tied to the huge nearly two hour data transfer
each morning, but I can't find anything else suspicious in the FC5
logs, and I'm turning on more auditing options on the Windows XP PCs
tonight so I can look at their Event Viewers.
I was just wondering if someone could give me a pointer on what the
above might be about.
Thanks!
-Liam
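
The following is an added example, not part of the original post: one way to summarize smbd "couldn't find service" entries like those above, grouping them by client, timestamp and base name so that bursts probing one name under several extensions stand out. The sample is constructed in the shape of the quoted log; the second client (designer02, 192.168.0.16) and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, wrapped across lines the same way as the log in the post.
_HDR = ("Sep 4 {t} webserve smbd[10943]: [2006/09/04 {t}, 0]\n"
        "smbd/service.c:make_connection(1102)\n")
_MSG = ("Sep 4 {t} webserve smbd[10943]: {c} ({ip})\n"
        "couldn't find service {s}\n")

def make_sample():
    rows = [("03:33:39", "designer04", "192.168.0.18", "printprep." + ext)
            for ext in ("bat", "cmd", "exe", "com", "pif", "lnk")]
    rows.append(("03:40:10", "designer02", "192.168.0.16", "scans"))  # constructed
    return "".join((_HDR + _MSG).format(t=t, c=c, ip=ip, s=s)
                   for t, c, ip, s in rows)

# syslog prefix, then "<client> (<ip>) couldn't find service <name>".
# The smbd header lines (timestamp + source file) do not match and are skipped.
ENTRY = re.compile(
    r"\b(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) smbd\[\d+\]: "
    r"(\S+) \((\d+(?:\.\d+){3})\) couldn't find service (\S+)"
)

def parse(text):
    """Return (time, server, client, ip, service) for every failed lookup."""
    flat = " ".join(text.split())  # undo line wrapping
    return [m.groups() for m in ENTRY.finditer(flat)]

def bursts(text, min_ext=3):
    """Groups where one client asked for the same base name under at least
    min_ext different extensions within the same second."""
    groups = defaultdict(list)
    for when, server, client, ip, service in parse(text):
        base, _, ext = service.rpartition(".")
        if base:  # names without an extension are not part of this pattern
            groups[(when, server, client, ip, base)].append(ext)
    return {k: v for k, v in groups.items() if len(set(v)) >= min_ext}

if __name__ == "__main__":
    for (when, server, client, ip, base), exts in bursts(make_sample()).items():
        print(f"{when} {server}: {client} ({ip}) tried '{base}' as "
              + ", ".join("." + e for e in exts))
```

To run it against a real log, pass the contents of /var/log/messages to bursts() in place of make_sample().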