Yeah.. I would nmap it, see whats there and check for web sites etc. Also check revdns/fwddns for the address space and see if they match and have microsoft registered domains. -- Leigh Church, Charles wrote:
Looks fishy. Why would a company the size of Microsoft register a single /25? I doubt MS really owns that block. Sounds more like a hacker playground to me.
Chuck
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of David Hubbard Sent: Thursday, November 08, 2007 12:23 PM To: nanog@merit.edu Subject: Abusive traffic from Microsoft China?
Just wondering if anyone else is seeing huge random floods of traffic from:
inetnum: 202.96.51.128 - 202.96.51.255 netname: MICROSOFT-CO descr: Microsft (China) Co.Ltd country: CN admin-c: CH455-AP tech-c: SY21-AP mnt-by: MAINT-CNCGROUP-BJ changed: suny@publicf.bta.net.cn 20060926 status: ALLOCATED NON-PORTABLE source: APNIC changed: suny@publicf.bta.net.cn 20060926
On a nearly daily basis we see them randomly open thousands of connections from a variety of addresses in that block to multiple servers. I've emailed of coruse but that results in nothing. Probably will just end up blocking them.
Thanks,
David