I had an infected host with a ZeroAccess trojan. This host machine has been rebuilt and formatted, but the firewall logs are still coming back as the host is sending data to and from a remote address.
I then unplugged the cable from it, so there is not even any routing in its VLAN anymore. The firewall still reports data to and from it?
How is this possible? IP address spoofing? ARP poisoning?