Our IPs are private IPs accessible only on the LAN. Access to our systems is not granted from outside the LAN so there is no chance of anyone trying this from outside the LAN network.

It has to be some guy on campus, but that is not the issue here. I wanted to know if such information can be avoided from disclosure. Till now, we only know that someone got to know our IPs (which he can do with any scanner) and also our OS (open port scans et al), but inspite of most of us having firewalls running on our systems. We don't know what else he has been able to gather from his scans, and thus the need to worry.

NMAP does show the presence of BFTP server, nearly with every firewall running. Is there any way of taking care of such anomalies. And also, does anyone have any idea what kind of scans this person might be running, which is bypassing the firewall itself, as no logs were found.