I'm in IT.
A guy here, on my two days off, configured the NTP so that our Domain Controller would get time from our Corporate Office. Our PCs, in turn, would get their time from our Domain Controller.
Corporate called my boss today and said that we were bogging down the network on the entire forest (all of our Internet connections come from corporate). They gave us an IP address to a machine here in our building (to our Domain Controller) and said that it was banging away at another IP address (one I've never seen before and doesn't exist on our network). I'm not sure how they were able to track all of that down, but they even mentioned NTP when they called.
The guy who set it up is not here today. We've searched the registry and the files for that IP address from our Domain Controller. We can't find anything.
Is there anyway to find out what program is trying to hit that IP address? Or, at the very least, is there a way for me to see what IP addresses are being connected from our NIC?
It's a Windows 03 Server.
Any and all information will be greatly appreciated.