Outgoing Connections 169.254.98.x

I would suspect plain old networking issues like dns or dhcp, possibly a combination, spiced up with connectivity challenged workstations. That destination address is not going anywhere past your ISP at best, so I wouldnt loose sleep over this.

Anyhow, 169.254/16 are considered not routable (rfc 3927), so treat it like rfc1918-addresses and drop it at the firewall.

3330 Special-Use IPv4 Addresses. IANA. September 2002. (Format: TXT=16200 bytes) (Status: INFORMATIONAL) 3927 Dynamic Configuration of IPv4 Link-Local Addresses. S. Cheshire, B. Aboba, E. Guttman. May 2005. (Format: TXT=83102 bytes) (Status: PROPOSED STANDARD)

A pair of RFCs that you can find with any search engine. 169.254.x.x is used by windoze and Macintosh boxes when the DHCP server is not handing out addresses. Briefly, in that case, your windoze box reaches up it's a$$ and grabs a random address in the range 169.254.0.1 to

169.254.255.254 and uses that for local only network communications. Any router should be silently discarding these packets as unroutable.

No - just some user on your LAN trying to check his mail. If you sniffed the packets, you may see his username.

If you are sure your DHCP server is correctly configured, then the owner of the mis-configured computer on your LAN may come whining to the hell-desk about the Internet being down. If you allow random computers to connect to your LAN, you'll have to fix the broken configuration - possibly a personal firewall on the b0rken box.

If you don't have a DHCP server, then either you have a visitor on your wires, or one of your users has been dinking with the configuration of his computer. Some network administrators frown on that.

Old guy