nanog mailing list archives

Re: Microsoft is hacking my Asterisk??? O_o

From: Dovid Bender <dovid () telecurve com>
Date: Tue, 3 Nov 2020 15:47:58 -0500

we have seen 8.8.8.8 end up on some ban lists.


On Tue, Nov 3, 2020 at 3:17 PM Mike Hammett <nanog () ics-il net> wrote:

Ah, so then potentially spoofed, trying to get people to honeypot
blacklist XBox.



-----
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL>
<https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
<https://www.linkedin.com/company/intelligent-computing-solutions>
<https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix>
<https://www.linkedin.com/company/midwest-internet-exchange>
<https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>
<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
------------------------------
*From: *"Josh Luthman" <josh () imaginenetworksllc com>
*To: *"Mike Hammett" <nanog () ics-il net>
*Cc: *"Max Tulyev" <maxtul () netassist ua>, "NANOG list" <nanog () nanog org>
*Sent: *Tuesday, November 3, 2020 2:03:01 PM
*Subject: *Re: Microsoft is hacking my Asterisk??? O_o

I've seen that, a shared IP on Azure that hit my honeypot IP.  Ended up
being an Xbox authentication IP address one day.

Josh Luthman
24/7 Help Desk: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373


On Tue, Nov 3, 2020 at 2:59 PM Mike Hammett <nanog () ics-il net> wrote:

Azure?



-----
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL>
<https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
<https://www.linkedin.com/company/intelligent-computing-solutions>
<https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix>
<https://www.linkedin.com/company/midwest-internet-exchange>
<https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>
<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
------------------------------
*From: *"Max Tulyev" <maxtul () netassist ua>
*To: *nanog () nanog org
*Sent: *Tuesday, November 3, 2020 1:55:45 PM
*Subject: *Microsoft is hacking my Asterisk??? O_o

Hi All,

I have just seen a number of IPs trying to brute-force my VoIP server
from Microsoft network. For example, 13.90.148.133, 20.55.203.249,
40.76.244.210... Traceroute really goes to MSN. More than a half of all
usual attempts to hack my Asterisk I got today, came from MSN.

What is happening? Am I missed something?

Current thread:

Microsoft is hacking my Asterisk??? O_o Max Tulyev (Nov 03)
- Re: Microsoft is hacking my Asterisk??? O_o Mike Hammett (Nov 03)
  - RE: Microsoft is hacking my Asterisk??? O_o Christian Kuhtz via NANOG (Nov 03)
    - Re: Microsoft is hacking my Asterisk??? O_o Gary E. Miller (Nov 03)
    - RE: [EXTERNAL] Re: Microsoft is hacking my Asterisk??? O_o Christian Kuhtz via NANOG (Nov 03)
    - Re: [EXTERNAL] Re: Microsoft is hacking my Asterisk??? O_o Gary E. Miller (Nov 03)
  - Re: Microsoft is hacking my Asterisk??? O_o Josh Luthman (Nov 03)
    - Re: Microsoft is hacking my Asterisk??? O_o Mike Hammett (Nov 03)
    - Re: Microsoft is hacking my Asterisk??? O_o Dovid Bender (Nov 03)
    - Re: Microsoft is hacking my Asterisk??? O_o Mike Hammett (Nov 03)
- Re: Microsoft is hacking my Asterisk??? O_o Gary E. Miller (Nov 03)
- Re: Microsoft is hacking my Asterisk??? O_o Dovid Bender (Nov 03)