in firestarter, i got a hit from some IP (66.35.250.177), when i click look up host-name, it shows linux.com. it was in port 56022. whats up?

nothing really
i get hit by a lot of yahoo domains too:P

"got a hit"

So, err... what was that machine supposedly doing? ;)

Someone may have been (fairly easily) forging the source IP address, too. It's relatively easy to perform a DDoS by sending ICMP echo-requests to a whole huge list of IP addresses, with the return address forged to be the target machine. Every machine in the list will return an ICMP echo-response to the (forged) IP, which can use all its available bandwidth.

wo, so linux.com was under a dos attack?!

Possibly.

It may have been other traffic that the attacker was sending to you that they didn't need (or want) a reply to. Or it may not have been targeted explicitly against linux.com -- it might have been randomly chosen.

Without knowing what packets you were getting, it's impossible to say. (Even with the packets, it might not be possible to say what the original intent was. But it's better than guessing. ;)) Does Firestarter give you any details at all?