[100763] in North American Network Operators' Group
RE: Abusive traffic from Microsoft China?
daemon@ATHENA.MIT.EDU (Church, Charles)
Thu Nov 8 12:46:07 2007
Date: Thu, 8 Nov 2007 11:44:32 -0600
In-Reply-To: <FCD26398C5EDE746BFC47F43EA52A173024D7A8D@dino.ad.hostasaurus.com>
From: "Church, Charles" <cchurc05@harris.com>
To: "David Hubbard" <dhubbard@dino.hostasaurus.com>, <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
Looks fishy. Why would a company the size of Microsoft register a
single /25? I doubt MS really owns that block. Sounds more like a
hacker playground to me.=20
Chuck
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
David Hubbard
Sent: Thursday, November 08, 2007 12:23 PM
To: nanog@merit.edu
Subject: Abusive traffic from Microsoft China?
Just wondering if anyone else is seeing huge random
floods of traffic from:
inetnum: 202.96.51.128 - 202.96.51.255
netname: MICROSOFT-CO
descr: Microsft (China) Co.Ltd
country: CN
admin-c: CH455-AP
tech-c: SY21-AP
mnt-by: MAINT-CNCGROUP-BJ
changed: suny@publicf.bta.net.cn 20060926
status: ALLOCATED NON-PORTABLE
source: APNIC
changed: suny@publicf.bta.net.cn 20060926
On a nearly daily basis we see them randomly open
thousands of connections from a variety of addresses
in that block to multiple servers. I've emailed
of coruse but that results in nothing. Probably
will just end up blocking them.
Thanks,
David