Abusive traffic from Microsoft China?

Church, Charles cchurc05 at harris.com
Thu Nov 8 17:44:32 UTC 2007


Looks fishy.  Why would a company the size of Microsoft register a
single /25?  I doubt MS really owns that block.  Sounds more like a
hacker playground to me. 

Chuck

-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
David Hubbard
Sent: Thursday, November 08, 2007 12:23 PM
To: nanog at merit.edu
Subject: Abusive traffic from Microsoft China?



Just wondering if anyone else is seeing huge random
floods of traffic from:

inetnum:      202.96.51.128 - 202.96.51.255
netname:      MICROSOFT-CO
descr:        Microsft (China) Co.Ltd
country:      CN
admin-c:      CH455-AP
tech-c:       SY21-AP
mnt-by:       MAINT-CNCGROUP-BJ
changed:      suny at publicf.bta.net.cn 20060926
status:       ALLOCATED NON-PORTABLE
source:       APNIC
changed:      suny at publicf.bta.net.cn 20060926

On a nearly daily basis we see them randomly open
thousands of connections from a variety of addresses
in that block to multiple servers.  I've emailed
of coruse but that results in nothing.  Probably
will just end up blocking them.

Thanks,

David



More information about the NANOG mailing list