https://azure.microsoft.com/en-us/resources/knowledge-center/how-do-i-report... How do I report a security incident or abuse? To report suspected security issues or abuse of Azure, please contact the cert.microsoft.com<https://portal.msrc.microsoft.com/engage/cars> team, which is available 24/7. From: NANOG <nanog-bounces+chkuhtz=microsoft.com@nanog.org> On Behalf Of Mike Hammett Sent: Tuesday, November 3, 2020 12:00 PM To: Max Tulyev <maxtul@netassist.ua> Cc: nanog@nanog.org Subject: [EXTERNAL] Re: Microsoft is hacking my Asterisk??? O_o Azure? ----- Mike Hammett Intelligent Computing Solutions<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ics-il.com%2F&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348449036%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=PehbslJLV1QvoCFjaGcWmD8gx0st3Jt54u0CNhlXZfI%3D&reserved=0> [http://www.ics-il.com/images/fbicon.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FICSIL&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348459032%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NUTpWNYJIuFZatw4ZaMe8uxGV44JP%2FniICj7lndIdHc%3D&reserved=0>[http://www.ics-il.com/images/googleicon.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fplus.google.com%2F%2BIntelligentComputingSolutionsDeKalb&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348469032%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=pjnk46f1Kr6igjmDkAYxiO41EQoqwQ3Qi7kIFNAuj%2BU%3D&reserved=0>[http://www.ics-il.com/images/linkedinicon.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fintelligent-computing-solutions&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348469032%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=HvRDFSLR1FNb%2BF%2FhLV7MEs3pdo%2Fbcs9EBOxzciEE1ZM%3D&reserved=0>[http://www.ics-il.com/images/twittericon.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FICSIL&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348479024%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=IdsqBrq5mySWYXWY2PJCDEQx2uSfxnNS2krARMi8cX0%3D&reserved=0> Midwest Internet Exchange<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.midwest-ix.com%2F&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348489036%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zOxLFx7J2KciWAgUJeWsJrViINZ3kdAIuw0HybednwE%3D&reserved=0> [http://www.ics-il.com/images/fbicon.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fmdwestix&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348489036%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=hmOcqi2P%2BsLgTZkRk8sne37%2BrLFEBn9qeQ41DDTYWFU%3D&reserved=0>[http://www.ics-il.com/images/linkedinicon.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fmidwest-internet-exchange&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348499023%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Qxy89R1YH2YaaZSx2x2%2BKPcYTvxapCzvmmzZeq9RSlU%3D&reserved=0>[http://www.ics-il.com/images/twittericon.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fmdwestix&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348499023%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=klPXyp6TeXe%2FBGAtPwd%2B77zec2ws59ksDBCGwnhqvI4%3D&reserved=0> The Brothers WISP<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.thebrotherswisp.com%2F&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348509023%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7dQukUH7Fg3uaqhDsQybgJMExCoekPo7B57%2BVjK%2FYCU%3D&reserved=0> [http://www.ics-il.com/images/fbicon.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fthebrotherswisp&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348519019%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qXu0bFMKf3BsEDqWnObYo7t%2F13mqqPn9E%2BOT8MVfY5Q%3D&reserved=0>[http://www.ics-il.com/images/youtubeicon.png]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCXSdfxQv7SpoRQYNyLwntZg&data=04%7C01%7Cchkuhtz%40microsoft.com%7C3a3d40dd12ef405010b508d880331f4d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637400304348519019%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qyRUtvkknUQQApqI%2BRmeQT%2FSm9QhEwOHmRdbX98YEMI%3D&reserved=0> ________________________________ From: "Max Tulyev" <maxtul@netassist.ua<mailto:maxtul@netassist.ua>> To: nanog@nanog.org<mailto:nanog@nanog.org> Sent: Tuesday, November 3, 2020 1:55:45 PM Subject: Microsoft is hacking my Asterisk??? O_o Hi All, I have just seen a number of IPs trying to brute-force my VoIP server from Microsoft network. For example, 13.90.148.133, 20.55.203.249, 40.76.244.210... Traceroute really goes to MSN. More than a half of all usual attempts to hack my Asterisk I got today, came from MSN. What is happening? Am I missed something?