Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Phantom IP and Verisign 1

Status
Not open for further replies.
mjb2727

mjb2727

Technical User
Jul 11, 2001
13
US
This is weird. I hope someone has some insight. I am running a network with Windows 2000 Server. DHCP is assigning addresses in the range 192.168.1.21 - 192.168.1.70. My firewall keeps blocking and logging attempts to connect to certain addresses in my network. The attempts always come from either 198.49.161.200 or 198.49.161.206. NSLOOKUP shows that those are both crl.verisign.com. What is really freaking me out is that the addresses it is trying to connect to do not belong to any computer on the network, but when I go look at my DHCP leases, the IP address is listed there with a blank network name?! Everything else on my network has a name. The first time I noticed it, I deleted that entry in DHCP and excluded the address from distribution. A few days later, I noticed the firewall had begun blocking and logging attempts at another address. I checked DHCP and, sure enough, there was another new address there with a blank name. I deleted it and excluded it as before. Now, I checked again. There are 2 more with blank names! The firewall is logging attempts to connect to them as well. What is going on???
 
Sort by date Sort by votes
You may want to install something like Spybot S&D so you can see if someone is dropping cookies on your hard drive. I don't see how they are getting there unless someone is surfing the web with the server, but it wouldn't hurt to check. You could also contact the owner of the ip and ask them what's going on. I got this from when I put the first ip address you listed. Good luck.

TechHandle: HOSTMASTER-ARIN
TechName: Network Solutions, Inc.
TechPhone: +1-703-925-6937
TechEmail: noc@netsol.com


Glen A. Johnson
"To fear the worst oft cures the worse."
William Shakespeare (1564-1616); English dramatist, poet.

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884
 
Upvote 0 Downvote
Thanks for the suggestion. I figured it out. I have a network segment that is behind a separate firewall, but is still requesting an IP address from our primary server. Since it is firewalled, the name is not showing up.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Nick Ellson
  • Locked
  • Question
Bind9 with RPZ and local forwarding zones?
Replies
1
Views
6K
Nick Ellson
Nick Ellson
Wibble2004
  • Locked
  • Question
Bind9.11.20: nslookup shows different MX information on Windows and Linux workstation
Replies
0
Views
6K
Wibble2004
Wibble2004
dl12345
  • Locked
  • Question
IPV6 related issue on bind 9.16.1 on Ubuntu 20.04
Replies
1
Views
6K
dl12345
dl12345
ramaning
  • Locked
  • Question
BIND DNSs Has Pointed to Diff IP Addresses.
Replies
1
Views
255
unixfreak
unixfreak
Zeenatullah
  • Locked
  • Question
How to configure DHCP and OSPF in Pfsense can anyone have any suggestion..will be appreciated..
Replies
0
Views
5K
Zeenatullah
Zeenatullah

Part and Inventory Search

Sponsor

Back
Top