What were the traffic characteristics that lead you to believe you were
under a DDOS attack?
Thomas P. Galla wrote:
Here is what I got back.... OBTW thanx
Thomas
=============================
Sent: Thursday, March 12, 2009 4:22 PM
To: Thomas P. Galla
Subject: FW: microsoft please contact me off list
Importance: High
Thomas,
I work in the research group managing the network range that you are reporting.
Your network could be randomly included
Honeymonkey(http://en.wikipedia.org/wiki/HoneyMonkey) or another research
project(http://research.microsoft.com/en-us/um/redmond/projects/strider).
Could you give me more details on what you are seeing or the IP range on your
side that is being hit?
Thx
Steve
Thomas P Galla
t...@bluegrass.net
BluegrassNet
Voice (502) 589.INET [4638]
Fax 502-315-0581
321 East Breckinridge St
Louisville KY 40203
-----Original Message-----
From: Thomas P. Galla [mailto:t...@bluegrass.net]
Sent: Thursday, March 12, 2009 3:35 PM
To: nanog@nanog.org
Subject: RE: microsoft please contact me off list
Sorry I am getting dos attacked from below and it would be nice if microsoft
working abuse ph# or noc# or a name ?
Thomas P Galla
t...@bluegrass.net
BluegrassNet
Voice (502) 589.INET [4638]
Fax 502-315-0581
321 East Breckinridge St
Louisville KY 40203
-----Original Message-----
From: Thomas P. Galla [mailto:t...@bluegrass.net]
Sent: Thursday, March 12, 2009 3:24 PM
To: nanog@nanog.org
Subject: microsoft please contact me off list
Can a person in charge contact me off list
mail:~ $ whois -h whois.arin.net 131.107.65.41
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 131.107.0.0 - 131.107.255.255
CIDR: 131.107.0.0/16
NetName: MICROSOFT
NetHandle: NET-131-107-0-0-1
Parent: NET-131-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate: 1988-11-11
Updated: 2004-12-09
RTechHandle: ZM39-ARIN
RTechName: Microsoft
RTechPhone: +1-425-882-8080
RTechEmail: n...@microsoft.com
OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: ab...@msn.com
OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: ab...@hotmail.com
OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: ab...@msn.com
OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: n...@microsoft.com
OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: ipr...@microsoft.com
# ARIN WHOIS database, last updated 2009-03-11 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
mail:~ $ whois -h whois.arin.net 131.107.65.41
Thomas P Galla
t...@bluegrass.net
BluegrassNet
Voice (502) 589.INET [4638]
Fax 502-315-0581
321 East Breckinridge St
Louisville KY 40203
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09
20:42:00
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09
20:42:00
--
Charles N Wyble char...@thewybles.com
(818)280-7059 http://charlesnw.blogspot.com
CTO SocalWiFI.net
