Abusive traffic from Microsoft China?

• Previous message (by thread): Abusive traffic from Microsoft China?
• Next message (by thread): Abusive traffic from Microsoft China?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yeah.. I would nmap it, see whats there and check for web sites etc.

Also check revdns/fwddns for the address space and see if they match and
have microsoft registered domains.

--
Leigh


Church, Charles wrote:
> Looks fishy.  Why would a company the size of Microsoft register a
> single /25?  I doubt MS really owns that block.  Sounds more like a
> hacker playground to me. 
>
> Chuck
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
> David Hubbard
> Sent: Thursday, November 08, 2007 12:23 PM
> To: nanog at merit.edu
> Subject: Abusive traffic from Microsoft China?
>
>
>
> Just wondering if anyone else is seeing huge random
> floods of traffic from:
>
> inetnum:      202.96.51.128 - 202.96.51.255
> netname:      MICROSOFT-CO
> descr:        Microsft (China) Co.Ltd
> country:      CN
> admin-c:      CH455-AP
> tech-c:       SY21-AP
> mnt-by:       MAINT-CNCGROUP-BJ
> changed:      suny at publicf.bta.net.cn 20060926
> status:       ALLOCATED NON-PORTABLE
> source:       APNIC
> changed:      suny at publicf.bta.net.cn 20060926
>
> On a nearly daily basis we see them randomly open
> thousands of connections from a variety of addresses
> in that block to multiple servers.  I've emailed
> of coruse but that results in nothing.  Probably
> will just end up blocking them.
>
> Thanks,
>
> David
>   

• Previous message (by thread): Abusive traffic from Microsoft China?
• Next message (by thread): Abusive traffic from Microsoft China?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]