Abusive traffic from Microsoft China?
Leigh Porter
leigh.porter at ukbroadband.com
Thu Nov 8 17:55:28 UTC 2007
Yeah.. I would nmap it, see whats there and check for web sites etc.
Also check revdns/fwddns for the address space and see if they match and
have microsoft registered domains.
--
Leigh
Church, Charles wrote:
> Looks fishy. Why would a company the size of Microsoft register a
> single /25? I doubt MS really owns that block. Sounds more like a
> hacker playground to me.
>
> Chuck
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> David Hubbard
> Sent: Thursday, November 08, 2007 12:23 PM
> To: nanog at merit.edu
> Subject: Abusive traffic from Microsoft China?
>
>
>
> Just wondering if anyone else is seeing huge random
> floods of traffic from:
>
> inetnum: 202.96.51.128 - 202.96.51.255
> netname: MICROSOFT-CO
> descr: Microsft (China) Co.Ltd
> country: CN
> admin-c: CH455-AP
> tech-c: SY21-AP
> mnt-by: MAINT-CNCGROUP-BJ
> changed: suny at publicf.bta.net.cn 20060926
> status: ALLOCATED NON-PORTABLE
> source: APNIC
> changed: suny at publicf.bta.net.cn 20060926
>
> On a nearly daily basis we see them randomly open
> thousands of connections from a variety of addresses
> in that block to multiple servers. I've emailed
> of coruse but that results in nothing. Probably
> will just end up blocking them.
>
> Thanks,
>
> David
>
More information about the NANOG
mailing list