
Server banging away at an IP address that doesn't exist.





  • Member
  • 625 posts

I'm in IT.

A guy here, on my two days off, configured the NTP so that our Domain Controller would get time from our Corporate Office. Our PCs, in turn, would get their time from our Domain Controller.

Corporate called my boss today and said that we were bogging down the network on the entire forest (all of our Internet connections come from corporate). They gave us an IP address to a machine here in our building (to our Domain Controller) and said that it was banging away at another IP address (one I've never seen before and doesn't exist on our network). I'm not sure how they were able to track all of that down, but they even mentioned NTP when they called.

The guy who set it up is not here today. We've searched the registry and the files for that IP address from our Domain Controller. We can't find anything.

Is there any way to find out what program is trying to hit that IP address? Or, at the very least, is there a way for me to see what IP addresses are being connected from our NIC?

It's a Windows 03 Server.

Any and all information will be greatly appreciated.


  • 0





  • Member
  • 561 posts
Hi Magus,

I don't know much, but I do have a small, very small network compared to yours.

I had a similar problem when I removed a system of network hardware and replaced it with another system.

Did all the right stuff, removed the software and hardware.

But I ran into trouble immediately.
There were registry entries for the hardware in the computer.
And it would of course look for this hardware forever and ever....
Slowing everything to a crawl...

So I had to find every registry entry and remnant of this hardware and software in the whole system.
Then we were back up to speed.

I doubt if I helped much, hope I did.

There will be a real geek come around and check this out soon I'm sure.
But that's what I thought of.

Something is certainly sending the command to find that address.

So possibly someone else removed something and it left traces behind.

Edited by cmpm, 21 January 2008 - 10:34 PM.

  • 0




  • Member
  • 472 posts
First off, make sure your dns configuration is correct in that domain controllers point
only to themselves or other domain controllers as their preferred dns server in
tcp/ip properties by assigned static IP address as shown by Ipconfig /all. Then
W2K/XP/2003 domain member computers must point only to domain controllers running dns
with the AD domain zone and never an ISP dns server. Run first netdiag and then
dcdiag on your domain controller to see if it configured correctly as a domain
controller. Failed tests/errors/warnings may indicate a problem particularly relating
to dns. Then run netdiag on a domain computer you are having a problem with looking
for the same relating to dns, dc discovery, kerberos, or trust relationship/secure
channel. These are free support tools on the install disk in the support/tools folder
for the appropriate operating system.

The policy you are trying to implement is a "user" configuration policy and therefore
the policy needs to be configured based on the location of the user accounts you want
it to apply to. If they are in the default users container, configure domain GPO. If
they are in an Organizational Unit, then the policy should be configured for that OU.
Group Policy can also apply to an administrator unless that user is in a different
container not subject to the GPO or the GPO is "filtered" to not apply [deny apply]
to the administrators group in the security properties of the GPO. Domain user
configuration of Group Policy will not apply to "local" users logging onto a domain
computer. If you do find the policy also applying to local users check to see it has
been applied in Local Security Policy via gpedit.msc. Use Gpresult to see what GPO's
are being applied to a computer and user while logged onto that domain computer. When
used with the /v switch it will give much more detailed info about policies and
settings being applied to try and track down what is going on. If you do that you may
want to pipe it to a text file as in [ gpresult /v > file.txt ]. --- good luck... :)
  • 0
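
The netdiag-then-dcdiag pass described in the post above, as an added example that is not part of the original thread: a Python triage over saved output (`netdiag > netdiag.txt`, `dcdiag > dcdiag.txt`) that lists failed tests and the warnings attached to them. The sample output is constructed, the line layout is an assumption based on the tools' usual output, and the function names are hypothetical.

```python
import re

# Constructed sample output (not from the thread); line layout is an assumption.
NETDIAG_SAMPLE = """\
    DNS test . . . . . . . . . . . . . : Failed
          [WARNING] The DNS entries for this DC are not registered correctly on DNS server '192.0.2.53'.
    DC discovery test. . . . . . . . . : Passed
    Kerberos test. . . . . . . . . . . : Passed
    Trust relationship test. . . . . . : Skipped
"""
DCDIAG_SAMPLE = """\
   Testing server: Default-First-Site-Name\\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
      Starting test: Advertising
         Warning: DC01 is not advertising as a time server.
         ......................... DC01 failed test Advertising
"""

NETDIAG_RESULT = re.compile(r"^\s*(?P<test>[A-Za-z][A-Za-z ]*?test)[ .]*:\s*(?P<status>\w+)\s*$")
DCDIAG_RESULT = re.compile(r"^\s*\.{5,}\s+(?P<host>\S+)\s+(?P<status>passed|failed)\s+test\s+(?P<test>\S+)")
NOTE = re.compile(r"^\s*(\[(WARNING|FATAL)\]|Warning:|Error:)", re.I)

def netdiag_problems(text):
    """netdiag prints the result line first, then its notes underneath."""
    results, current = [], None
    for line in text.splitlines():
        m = NETDIAG_RESULT.match(line)
        if m:
            current = {"test": m["test"].strip(), "status": m["status"], "notes": []}
            results.append(current)
        elif current and NOTE.match(line):
            current["notes"].append(line.strip())
    # Report failures, plus passed tests that still carried a warning.
    return [r for r in results if r["status"] == "Failed" or r["notes"]]

def dcdiag_problems(text):
    """dcdiag prints notes first, then the passed/failed summary line."""
    problems, notes = [], []
    for line in text.splitlines():
        m = DCDIAG_RESULT.match(line)
        if line.strip().startswith("Starting test:"):
            notes = []                      # new test: drop notes from the previous one
        elif NOTE.match(line):
            notes.append(line.strip())
        elif m and (m["status"] == "failed" or notes):
            problems.append({"test": m["test"], "host": m["host"],
                             "status": m["status"], "notes": notes})
    return problems

if __name__ == "__main__":
    for p in netdiag_problems(NETDIAG_SAMPLE) + dcdiag_problems(DCDIAG_SAMPLE):
        print(p["status"].upper(), p["test"], *p["notes"], sep="\n    ")
```
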
