
Suspicious error log activity



Old 02-11-2007
dchinn@nwlink.com
 


I have a question about some error log activity.

I run Bugzilla as the only application on my Apache server (version
2.055), which is running on Windows XP. In the error log, I see
requests from an internal IP address which are denied
(I have IP filtering turned on in httpd.conf).

I first noticed these about a week ago; they always come in bursts,
and were happening for a long time.
As time went on, the recent errors had gotten to where there were
about a hundred denied requests in a set.
This prompted me to install a Smoothwall firewall.

That was done around the 5th.

I truncated the error log and ran a bunch of virus checks on the internal
machines (finding nothing).
Anyway, on the 7th, it looks like I got another set (about 30). Right at
1am the error log entry looks like...

[Wed Feb 07 00:53:29 2007] [error] [client 192.168.1.47] client denied by server configuration: C:/Bugzilla/

the corresponding access log entry looks like this:

192.168.1.47 - - [07/Feb/2007:00:53:29 -0800] "OPTIONS / HTTP/1.1" 403 275

That's the only set since the seventh, so things have improved
(towards the end there, I was getting a
set or two a day), and, as I mentioned, as many as a hundred errors in
a set.

Coincidentally, this particular set of entries is originating from the
bugzilla machine (which also runs httpd)
itself. I don't see anything in the smoothwall log that says anything
was trying to come in from the ether
at the time, and I know that nobody was on the machine.

I was wondering if anyone had heard of a virus which can do this?
That is, something that might get installed on a machine in the
internal net, generating requests of different internal IPs.

Thanks in advance

dchinn

"just because you're paranoid doesn't mean they aren't out to get you"
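
A triage sketch for the two log formats quoted in the post, added here as an example and not part of the original post: it groups "client denied by server configuration" entries into per-client bursts and joins each burst to the access-log requests logged in the same second. The function names, the 60-second burst gap and the sample lines are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

ERR_RE = re.compile(r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                    r"client denied by server configuration: (?P<path>.*)")
ACC_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>\S+) [^\]]+\] '
                    r'"(?P<req>[^"]*)" (?P<status>\d{3}) \S+')

def parse_denials(lines):
    """Return sorted (time, client) pairs for 'client denied' error-log lines."""
    hits = (ERR_RE.match(l.strip()) for l in lines)
    return sorted((datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["ip"])
                  for m in hits if m)

def index_access(lines):
    """Map (client, local time) -> request lines; the UTC offset is dropped
    because the error log records local time without one."""
    idx = {}
    for m in filter(None, (ACC_RE.match(l.strip()) for l in lines)):
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S")
        idx.setdefault((m["ip"], ts), []).append(m["req"])
    return idx

def find_bursts(error_lines, access_lines, gap=timedelta(seconds=60)):
    """Group denials per client into bursts separated by more than `gap`."""
    access, bursts, current = index_access(access_lines), [], {}
    for ts, ip in parse_denials(error_lines):
        b = current.get(ip)
        if b is None or ts - b["end"] > gap:
            b = current[ip] = {"client": ip, "start": ts, "end": ts,
                               "denied": 0, "requests": {}, "_seen": set()}
            bursts.append(b)
        b["end"], b["denied"] = ts, b["denied"] + 1
        if ts not in b["_seen"]:          # count each second's requests once
            b["_seen"].add(ts)
            for req in access.get((ip, ts), []):
                b["requests"][req] = b["requests"].get(req, 0) + 1
    return bursts

# Constructed sample lines, modelled on the two entries quoted in the post.
TIMES = ("00:53:29", "00:53:29", "00:53:31", "02:10:05")
ERR = ["[Wed Feb 07 %s 2007] [error] [client 192.168.1.47] client denied "
       "by server configuration: C:/Bugzilla/" % t for t in TIMES]
ACC = ['192.168.1.47 - - [07/Feb/2007:%s -0800] "OPTIONS / HTTP/1.1" 403 275'
       % t for t in TIMES]

if __name__ == "__main__":
    print([(b["client"], b["denied"], b["requests"]) for b in find_bursts(ERR, ACC)])
```

The burst start times and the request line shared by every entry in a burst are the values to compare against scheduled tasks and services on the client machine.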

 