Re: Abusive traffic from Microsoft China?

["Christopher Morrow" <christopher.morrow () gmail com>]

On 11/8/07, Church, Charles <cchurc05 () harris com> wrote:
> Looks fishy.  Why would a company the size of Microsoft register a
> single /25?  I doubt MS really owns that block.  Sounds more like a

They have a small office there serviced by a dsl link to the local
telco (CNCGroup)... This happens all the time.

> hacker playground to me.

maybe, probably not though.

> Chuck
>
> -----Original Message-----
> From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
> David Hubbard
> Sent: Thursday, November 08, 2007 12:23 PM
> To: nanog () merit edu
> Subject: Abusive traffic from Microsoft China?
>
>
>
> Just wondering if anyone else is seeing huge random
> floods of traffic from:
>
> inetnum:      202.96.51.128 - 202.96.51.255
> netname:      MICROSOFT-CO
> descr:        Microsft (China) Co.Ltd
> country:      CN
> admin-c:      CH455-AP
> tech-c:       SY21-AP
> mnt-by:       MAINT-CNCGROUP-BJ
> changed:      suny () publicf bta net cn 20060926
> status:       ALLOCATED NON-PORTABLE
> source:       APNIC
> changed:      suny () publicf bta net cn 20060926
>
> On a nearly daily basis we see them randomly open
> thousands of connections from a variety of addresses
> in that block to multiple servers.  I've emailed
> of coruse but that results in nothing.  Probably
> will just end up blocking them.
>
> Thanks,
>
> David