[100764] in North American Network Operators' Group
Re: Abusive traffic from Microsoft China?
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Thu Nov 8 12:57:16 2007
Date: Thu, 8 Nov 2007 09:54:21 -0800
From: "Christopher Morrow" <christopher.morrow@gmail.com>
To: "Church, Charles" <cchurc05@harris.com>
Cc: "David Hubbard" <dhubbard@dino.hostasaurus.com>, nanog@merit.edu
In-Reply-To: <FA1BA229357DB640B944218F3585FECA5B1941@mspe2k1.cs.myharris.net>
Errors-To: owner-nanog@merit.edu
On 11/8/07, Church, Charles <cchurc05@harris.com> wrote:
>
> Looks fishy. Why would a company the size of Microsoft register a
> single /25? I doubt MS really owns that block. Sounds more like a
They have a small office there serviced by a dsl link to the local
telco (CNCGroup)... This happens all the time.
> hacker playground to me.
>
maybe, probably not though.
> Chuck
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
> David Hubbard
> Sent: Thursday, November 08, 2007 12:23 PM
> To: nanog@merit.edu
> Subject: Abusive traffic from Microsoft China?
>
>
>
> Just wondering if anyone else is seeing huge random
> floods of traffic from:
>
> inetnum: 202.96.51.128 - 202.96.51.255
> netname: MICROSOFT-CO
> descr: Microsft (China) Co.Ltd
> country: CN
> admin-c: CH455-AP
> tech-c: SY21-AP
> mnt-by: MAINT-CNCGROUP-BJ
> changed: suny@publicf.bta.net.cn 20060926
> status: ALLOCATED NON-PORTABLE
> source: APNIC
> changed: suny@publicf.bta.net.cn 20060926
>
> On a nearly daily basis we see them randomly open
> thousands of connections from a variety of addresses
> in that block to multiple servers. I've emailed
> of coruse but that results in nothing. Probably
> will just end up blocking them.
>
> Thanks,
>
> David
>