FYI RE: microsoft please contact me off list

Charles Wyble charles at thewybles.com
Thu Mar 12 17:36:13 CDT 2009


What were the traffic characteristics that lead you to believe you were 
under a DDOS attack?

Thomas P. Galla wrote:
> Here is what I got back....  OBTW thanx
> 
> Thomas
> 
> 
> =============================
> 
> Sent: Thursday, March 12, 2009 4:22 PM
> To: Thomas P. Galla
> Subject: FW: microsoft please contact me off list
> Importance: High
> 
> Thomas,
> 
> I work in the research group managing the network range that you are reporting.  Your network could be randomly included Honeymonkey(http://en.wikipedia.org/wiki/HoneyMonkey) or another research project(http://research.microsoft.com/en-us/um/redmond/projects/strider).  Could you give me more details on what you are seeing or the IP range on your side that is being hit?
> 
> Thx
> Steve
> 
> 
> 
> Thomas P Galla
> tpg at bluegrass.net
> BluegrassNet
> Voice (502) 589.INET [4638]
> Fax 502-315-0581
> 321 East Breckinridge St
> Louisville KY 40203
> 
> 
> -----Original Message-----
> From: Thomas P. Galla [mailto:tpg at bluegrass.net]
> Sent: Thursday, March 12, 2009 3:35 PM
> To: nanog at nanog.org
> Subject: RE: microsoft please contact me off list
> 
> Sorry I am getting dos attacked from below and it would be nice if microsoft working abuse ph# or noc# or a name ?
> 
> 
> 
> Thomas P Galla
> tpg at bluegrass.net
> BluegrassNet
> Voice (502) 589.INET [4638]
> Fax 502-315-0581
> 321 East Breckinridge St
> Louisville KY 40203
> 
> 
> -----Original Message-----
> From: Thomas P. Galla [mailto:tpg at bluegrass.net]
> Sent: Thursday, March 12, 2009 3:24 PM
> To: nanog at nanog.org
> Subject: microsoft please contact me off list
> 
> Can a person in charge contact me off list
> 
> 
> 
> 
> mail:~ $ whois -h whois.arin.net 131.107.65.41
> 
> OrgName:    Microsoft Corp
> OrgID:      MSFT
> Address:    One Microsoft Way
> City:       Redmond
> StateProv:  WA
> PostalCode: 98052
> Country:    US
> 
> NetRange:   131.107.0.0 - 131.107.255.255
> CIDR:       131.107.0.0/16
> NetName:    MICROSOFT
> NetHandle:  NET-131-107-0-0-1
> Parent:     NET-131-0-0-0-0
> NetType:    Direct Assignment
> NameServer: NS1.MSFT.NET
> NameServer: NS5.MSFT.NET
> NameServer: NS2.MSFT.NET
> NameServer: NS3.MSFT.NET
> NameServer: NS4.MSFT.NET
> Comment:
> RegDate:    1988-11-11
> Updated:    2004-12-09
> 
> RTechHandle: ZM39-ARIN
> RTechName:   Microsoft
> RTechPhone:  +1-425-882-8080
> RTechEmail:  noc at microsoft.com
> 
> OrgAbuseHandle: ABUSE231-ARIN
> OrgAbuseName:   Abuse
> OrgAbusePhone:  +1-425-882-8080
> OrgAbuseEmail:  abuse at msn.com
> 
> OrgAbuseHandle: HOTMA-ARIN
> OrgAbuseName:   Hotmail Abuse
> OrgAbusePhone:  +1-425-882-8080
> OrgAbuseEmail:  abuse at hotmail.com
> 
> OrgAbuseHandle: MSNAB-ARIN
> OrgAbuseName:   MSN ABUSE
> OrgAbusePhone:  +1-425-882-8080
> OrgAbuseEmail:  abuse at msn.com
> 
> OrgNOCHandle: ZM23-ARIN
> OrgNOCName:   Microsoft Corporation
> OrgNOCPhone:  +1-425-882-8080
> OrgNOCEmail:  noc at microsoft.com
> 
> OrgTechHandle: MSFTP-ARIN
> OrgTechName:   MSFT-POC
> OrgTechPhone:  +1-425-882-8080
> OrgTechEmail:  iprrms at microsoft.com
> 
> # ARIN WHOIS database, last updated 2009-03-11 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
> mail:~ $ whois -h whois.arin.net 131.107.65.41
> 
> 
> 
> 
> 
> Thomas P Galla
> tpg at bluegrass.net
> BluegrassNet
> Voice (502) 589.INET [4638]
> Fax 502-315-0581
> 321 East Breckinridge St
> Louisville KY 40203
> 
> 
> 
> 
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00
> 
> 
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00
> 

-- 
Charles N Wyble charles at thewybles.com
(818)280-7059 http://charlesnw.blogspot.com
CTO SocalWiFI.net




More information about the NANOG mailing list