we have seen 8.8.8.8 end up on some ban lists. On Tue, Nov 3, 2020 at 3:17 PM Mike Hammett <nanog@ics-il.net> wrote:
Ah, so then potentially spoofed, trying to get people to honeypot blacklist XBox.
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> <https://www.linkedin.com/company/intelligent-computing-solutions> <https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix> <https://www.linkedin.com/company/midwest-internet-exchange> <https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> ------------------------------ *From: *"Josh Luthman" <josh@imaginenetworksllc.com> *To: *"Mike Hammett" <nanog@ics-il.net> *Cc: *"Max Tulyev" <maxtul@netassist.ua>, "NANOG list" <nanog@nanog.org> *Sent: *Tuesday, November 3, 2020 2:03:01 PM *Subject: *Re: Microsoft is hacking my Asterisk??? O_o
I've seen that, a shared IP on Azure that hit my honeypot IP. Ended up being an Xbox authentication IP address one day.
Josh Luthman 24/7 Help Desk: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373
On Tue, Nov 3, 2020 at 2:59 PM Mike Hammett <nanog@ics-il.net> wrote:
Azure?
----- Mike Hammett Intelligent Computing Solutions <http://www.ics-il.com/> <https://www.facebook.com/ICSIL> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> <https://www.linkedin.com/company/intelligent-computing-solutions> <https://twitter.com/ICSIL> Midwest Internet Exchange <http://www.midwest-ix.com/> <https://www.facebook.com/mdwestix> <https://www.linkedin.com/company/midwest-internet-exchange> <https://twitter.com/mdwestix> The Brothers WISP <http://www.thebrotherswisp.com/> <https://www.facebook.com/thebrotherswisp> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> ------------------------------ *From: *"Max Tulyev" <maxtul@netassist.ua> *To: *nanog@nanog.org *Sent: *Tuesday, November 3, 2020 1:55:45 PM *Subject: *Microsoft is hacking my Asterisk??? O_o
Hi All,
I have just seen a number of IPs trying to brute-force my VoIP server from Microsoft network. For example, 13.90.148.133, 20.55.203.249, 40.76.244.210... Traceroute really goes to MSN. More than a half of all usual attempts to hack my Asterisk I got today, came from MSN.
What is happening? Am I missed something?