Windows SBS 2008 scans old subnet
Posted on 2011-09-05
We have a Windows SBS 2008 which replaced a Windows 2000 Standard server. Together with the migration we changed the internal subnet, this because someone in the past had chosen 18.104.22.168/24 as the internal subnet. During a short time both the old and the new subnet (192.168.111.0/24) where configured on the server and in use. After the migration, we removed the 22.214.171.124/24 subnet from the server and all PCs.
But at the moment the SBS server does a scan of the 126.96.36.199/24 subnet at regular intervals, e.g. one of theses starts at 4:00pm everyday. It checks every address in the range through pings, it sends snmp, netbios (port 139) and smb over tcp (port 445) requests. The process from which this originates is the system process. This matters because the subnet it scans is a public subnet.
I have checked for traces of the 188.8.131.52/24 address in the registry and removed everything, but the problem stays.
What causes this?