Well, what was the box doing? How's it trying to connect out? It was a Linux box running DNS? Samba? FTP? You /did/ shut off most default services to the box before connecting it to your network, right? If it's running DNS that's visible externally, my guess is that it was r00ted that way... If you need a DNS server, I'd use something like OpenBSD (if you want to stay with "free" Intel UN*X) and make sure you turn off all unnecessary services and sandbox services like DNS/BIND (OpenBSD has options to do this right out of the gate).
BTW, ac1dsp3ctrum, 172.16.0.0/12 is RFC1918 space (disconnected/non-routable IP space). Basically any address in 172.16.0.0 to 172.31.255.255 is considered "not connected to the Internet" and any/all ISPs should be blocking such traffic at their border routers as a matter of policy. Generally people use these networks (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) as their internal networks, then use a proxy and/or NAT when traffic's bound for the Internet.




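An added example, not part of the post above: a Python check that flags RFC1918 addresses seen on an external interface, which is how traffic like the 172.16.0.0/12 connection discussed here would show up in a border log. The log format, the interface name `ext0` and the sample lines are constructed assumptions.

```python
import ipaddress
import re

# The three RFC 1918 blocks named in the post.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed (constructed) log format: "<iface> SRC=<ip> DST=<ip>"
LINE_RE = re.compile(r"^(?P<iface>\S+)\s+SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)$")

def rfc1918_block(addr):
    """Return the RFC 1918 network containing addr, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # unparsable field, nothing to classify
    for net in RFC1918:
        if ip in net:  # version mismatch (IPv6 vs IPv4) is simply False
            return net
    return None

def border_leaks(lines, external_iface="ext0"):
    """List (line_no, field, address, network) for every private address
    that appears on the external interface, where it should never be."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m or m["iface"] != external_iface:
            continue  # internal interfaces legitimately carry RFC 1918
        for field in ("src", "dst"):
            net = rfc1918_block(m[field])
            if net is not None:
                findings.append((n, field, m[field], str(net)))
    return findings

# Constructed sample lines; 172.15.x and 172.32.x sit just outside the /12.
SAMPLE_LOG = [
    "ext0 SRC=203.0.113.7 DST=172.16.4.20",
    "ext0 SRC=172.31.255.255 DST=198.51.100.9",
    "ext0 SRC=172.32.0.1 DST=198.51.100.9",
    "int0 SRC=192.168.1.10 DST=10.0.0.5",
    "ext0 SRC=172.15.255.255 DST=not-an-ip",
]

if __name__ == "__main__":
    for finding in border_leaks(SAMPLE_LOG):
        print(finding)
```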