<snip>
The problem is that a user on this box appears to be launching high traffic DOS attacks from it towards other sites. These are UDP based floods that move around from time to time - most of these attacks only last a few minutes.
Maybe it's not 'malicious' at all. For instance, is there a Bittorrent client on the box?
<snip>
