On Aug 20, 2014, at 9:06, James B. Byrne <byrn...@harte-lyne.ca> wrote:

> This morning's activity log shows this:
> 
> . . .
>   From 23.102.132.99 - 2 packets to tcp(3389)
>   From 23.102.133.164 - 1 packet to tcp(3389)
>   From 23.102.134.239 - 2 packets to tcp(3389)
>   From 23.102.136.210 - 3 packets to tcp(3389)
>   From 23.102.136.222 - 2 packets to tcp(3389)
>   From 23.102.137.62 - 3 packets to tcp(3389)
>   From 23.102.137.101 - 2 packets to tcp(3389)
>   From 23.102.138.184 - 1 packet to tcp(3389)
>   From 23.102.138.216 - 1 packet to tcp(3389)
>   From 23.102.139.11 - 2 packets to tcp(3389)
>   From 23.102.139.27 - 5 packets to tcp(3389)
>   From 23.102.140.90 - 2 packets to tcp(3389)
>   From 23.102.140.158 - 3 packets to tcp(3389)
>   From 23.102.161.114 - 1 packet to tcp(3389)
>   From 23.102.170.1 - 2 packets to tcp(3389)
>   From 23.102.170.48 - 4 packets to tcp(3389)
>   From 23.102.171.49 - 2 packets to tcp(3389)
>   From 23.102.172.233 - 2 packets to tcp(3389)
>   From 23.102.173.124 - 2 packets to tcp(3389)
> . . .
> 
> These are either mostly or entirely Microsoft.com addresses.  Any ideas as to
> what legitimate use this probing might have?  I know that 3389 is MS-RDP.  My
> question is why would a 'reputable' firm be scanning my systems for open
> connections on that port?
> 
> -- 
> ***          E-Mail is NOT a SECURE channel          ***
> James B. Byrne                mailto:byrn...@harte-lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3

Azure servers. 

You’ll also see them from Amazon’s cloud. 

Neither company apparently does any active monitoring of the total crud they 
allow people to spew from their VMs.  We’ve seen everything from RDP to SSH 
brute force scripts from both.  

How one could get into the VM business without KNOWING idiots would happily pay 
for and utilize VMs on big bandwidth to do stupid human tricks, and take 
appropriate precautions NOT to become part of the problem…  is beyond me.

Nate
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
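
The log summary quoted in this thread can be rolled up by source network to show that many low-volume sources are hitting one port from the same address block. The following Python is an added example, not part of either message; the /16 grouping, the threshold of three sources, and the function names are assumptions chosen for illustration, and the 203.0.113.7 line is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the per-source summary lines in the format quoted in the thread.
LINE_RE = re.compile(
    r"From\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+-\s+(?P<count>\d+)\s+packets?"
    r"\s+to\s+(?P<proto>tcp|udp)\((?P<port>\d+)\)"
)

# Five lines copied from the quoted log, plus one constructed line
# (203.0.113.7, documentation range) as an unrelated single source.
SAMPLE = """\
>   From 23.102.132.99 - 2 packets to tcp(3389)
>   From 23.102.136.210 - 3 packets to tcp(3389)
>   From 23.102.139.27 - 5 packets to tcp(3389)
>   From 23.102.161.114 - 1 packet to tcp(3389)
>   From 23.102.170.48 - 4 packets to tcp(3389)
>   From 203.0.113.7 - 1 packet to tcp(22)
"""


def parse(text):
    """Yield (address, packets, proto, port) for each well-formed line."""
    for m in LINE_RE.finditer(text):
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # skip malformed addresses such as an octet above 255
        yield addr, int(m["count"]), m["proto"], int(m["port"])


def cluster(text, prefix_len=16, min_sources=3):
    """Group sources by enclosing network and destination port.

    Returns {(network, proto, port): (distinct_sources, total_packets)}
    for groups with at least min_sources distinct source addresses.
    """
    groups = defaultdict(lambda: [set(), 0])
    for addr, count, proto, port in parse(text):
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        entry = groups[(str(net), proto, port)]
        entry[0].add(addr)
        entry[1] += count
    return {k: (len(v[0]), v[1]) for k, v in groups.items()
            if len(v[0]) >= min_sources}


if __name__ == "__main__":
    for (net, proto, port), (srcs, pkts) in cluster(SAMPLE).items():
        print(f"{net} -> {proto}/{port}: {srcs} sources, {pkts} packets")
```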
