Hi, Perhaps 'iptraf' or 'netwatch' (both available on freshmeat) and 'netstat' could be used to identify what/who is generating the traffic on your system. I'd also concur with a previous comment about 'portsentry', since it's possible to spoof an address and have portsentry block it.. it there for becomes an effective tool for a hacker to use as a DoS. For example, I could find out what your ISP's DNS servers are, spoof those addresses and have your portsentry block them. This would cut you off from the net until you manually corrected it.
-- Gord
