Microsoft is hacking my Asterisk??? O_o

• Previous message (by thread): Microsoft is hacking my Asterisk??? O_o
• Next message (by thread): Microsoft is hacking my Asterisk??? O_o
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When I had honeypot blacklisting for my whole network, I ran across people spoofing the Google authoritative name servers. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Dovid Bender" <dovid at telecurve.com> 
To: "Mike Hammett" <nanog at ics-il.net> 
Cc: "Josh Luthman" <josh at imaginenetworksllc.com>, "NANOG list" <nanog at nanog.org> 
Sent: Tuesday, November 3, 2020 2:47:58 PM 
Subject: Re: Microsoft is hacking my Asterisk??? O_o 


we have seen 8.8.8.8 end up on some ban lists. 




On Tue, Nov 3, 2020 at 3:17 PM Mike Hammett < nanog at ics-il.net > wrote: 




Ah, so then potentially spoofed, trying to get people to honeypot blacklist XBox. 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 



From: "Josh Luthman" < josh at imaginenetworksllc.com > 
To: "Mike Hammett" < nanog at ics-il.net > 
Cc: "Max Tulyev" < maxtul at netassist.ua >, "NANOG list" < nanog at nanog.org > 
Sent: Tuesday, November 3, 2020 2:03:01 PM 
Subject: Re: Microsoft is hacking my Asterisk??? O_o 


I've seen that, a shared IP on Azure that hit my honeypot IP. Ended up being an Xbox authentication IP address one day. 





Josh Luthman 
24/7 Help Desk: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St 
Suite 1337 
Troy, OH 45373 



On Tue, Nov 3, 2020 at 2:59 PM Mike Hammett < nanog at ics-il.net > wrote: 

<blockquote>


Azure? 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 



From: "Max Tulyev" < maxtul at netassist.ua > 
To: nanog at nanog.org 
Sent: Tuesday, November 3, 2020 1:55:45 PM 
Subject: Microsoft is hacking my Asterisk??? O_o 

Hi All, 

I have just seen a number of IPs trying to brute-force my VoIP server 
from Microsoft network. For example, 13.90.148.133, 20.55.203.249, 
40.76.244.210... Traceroute really goes to MSN. More than a half of all 
usual attempts to hack my Asterisk I got today, came from MSN. 

What is happening? Am I missed something? 





</blockquote>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20201103/dd455821/attachment.html>

• Previous message (by thread): Microsoft is hacking my Asterisk??? O_o
• Next message (by thread): Microsoft is hacking my Asterisk??? O_o
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]