Security Incidents mailing list archives

1000% increase in traffic


From: Bob Wright <rjw1150 () NEO LRUN COM>
Date: Fri, 9 Feb 2001 18:05:37 -0500

Hello guys, thank you for reading this email. I believe I might have an exploited box on my hands. At my place of 
employment we usually range about 728b/s as our average for output (128k connection). Now, starting at Friday at 12am to 
Sat 12pm (about), MRTG (traffic analyser) showed us averaging about 7744b/s!! On a weekend, at that late of night. And 
all out to boot. This worries me because of our data (of course) or that we might have a possible client on one of the 
many machines for a DDOS. Now I have searched through most of my logs, inet logs, and I can't find a thing... the logs do 
not LOOK like they were tampered with. These are what I think could have happened. 

1) Employee sending files home thinking that no one will be able to detect it.
2) DDOS client on one or several machines
3) We had an intrusion and, the great guy he is, he decided to send our files to himself
4) <input here>  

    I am new to this, I'm only an intern, however they expect me to look into this? Anyhow, I would like to hear what you 
guys out there who have experience think, and as always I love any possible links you might have which discuss general 
procedure or any site that deals with network security.

I thank you again for reading my email.

-Robert Wright

