RE: microsoft please contact me off list
Sorry I am getting dos attacked from below and it would be nice if microsoft working abuse ph# or noc# or a name ? Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 -Original Message- From: Thomas P. Galla [mailto:t...@bluegrass.net] Sent: Thursday, March 12, 2009 3:24 PM To: nanog@nanog.org Subject: microsoft please contact me off list Can a person in charge contact me off list mail:~ $ whois -h whois.arin.net 131.107.65.41 OrgName:Microsoft Corp OrgID: MSFT Address:One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country:US NetRange: 131.107.0.0 - 131.107.255.255 CIDR: 131.107.0.0/16 NetName:MICROSOFT NetHandle: NET-131-107-0-0-1 Parent: NET-131-0-0-0-0 NetType:Direct Assignment NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET Comment: RegDate:1988-11-11 Updated:2004-12-09 RTechHandle: ZM39-ARIN RTechName: Microsoft RTechPhone: +1-425-882-8080 RTechEmail: n...@microsoft.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@hotmail.com OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: n...@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: ipr...@microsoft.com # ARIN WHOIS database, last updated 2009-03-11 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. mail:~ $ whois -h whois.arin.net 131.107.65.41 Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00
Re: microsoft please contact me off list
You are getting dossed from a Microsoft network range? Really? Perhaps they got bit by a worm targeting windows systems? :) Thomas P. Galla wrote: Sorry I am getting dos attacked from below and it would be nice if microsoft working abuse ph# or noc# or a name ? Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 -Original Message- From: Thomas P. Galla [mailto:t...@bluegrass.net] Sent: Thursday, March 12, 2009 3:24 PM To: nanog@nanog.org Subject: microsoft please contact me off list Can a person in charge contact me off list mail:~ $ whois -h whois.arin.net 131.107.65.41 OrgName:Microsoft Corp OrgID: MSFT Address:One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country:US NetRange: 131.107.0.0 - 131.107.255.255 CIDR: 131.107.0.0/16 NetName:MICROSOFT NetHandle: NET-131-107-0-0-1 Parent: NET-131-0-0-0-0 NetType:Direct Assignment NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET Comment: RegDate:1988-11-11 Updated:2004-12-09 RTechHandle: ZM39-ARIN RTechName: Microsoft RTechPhone: +1-425-882-8080 RTechEmail: n...@microsoft.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@hotmail.com OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: n...@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: ipr...@microsoft.com # ARIN WHOIS database, last updated 2009-03-11 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. mail:~ $ whois -h whois.arin.net 131.107.65.41 Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00 -- Charles N Wyble char...@thewybles.com (818)280-7059 http://charlesnw.blogspot.com CTO SocalWiFI.net
RE: microsoft please contact me off list
More likely spoofed sources. Good luck. -Original Message- From: ext Charles Wyble [mailto:char...@thewybles.com] Sent: Thursday, March 12, 2009 12:40 PM To: Thomas P. Galla Cc: nanog@nanog.org Subject: Re: microsoft please contact me off list You are getting dossed from a Microsoft network range? Really? Perhaps they got bit by a worm targeting windows systems? :) Thomas P. Galla wrote: Sorry I am getting dos attacked from below and it would be nice if microsoft working abuse ph# or noc# or a name ? Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 -Original Message- From: Thomas P. Galla [mailto:t...@bluegrass.net] Sent: Thursday, March 12, 2009 3:24 PM To: nanog@nanog.org Subject: microsoft please contact me off list Can a person in charge contact me off list mail:~ $ whois -h whois.arin.net 131.107.65.41 OrgName:Microsoft Corp OrgID: MSFT Address:One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country:US NetRange: 131.107.0.0 - 131.107.255.255 CIDR: 131.107.0.0/16 NetName:MICROSOFT NetHandle: NET-131-107-0-0-1 Parent: NET-131-0-0-0-0 NetType:Direct Assignment NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET Comment: RegDate:1988-11-11 Updated:2004-12-09 RTechHandle: ZM39-ARIN RTechName: Microsoft RTechPhone: +1-425-882-8080 RTechEmail: n...@microsoft.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@hotmail.com OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: n...@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: ipr...@microsoft.com # ARIN WHOIS database, last updated 2009-03-11 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. mail:~ $ whois -h whois.arin.net 131.107.65.41 Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00 -- Charles N Wyble char...@thewybles.com (818)280-7059 http://charlesnw.blogspot.com CTO SocalWiFI.net
Re: microsoft please contact me off list
He's gonna need it! On Thu, Mar 12, 2009 at 12:54 PM, chris.ra...@nokia.com wrote: More likely spoofed sources. Good luck. -Original Message- From: ext Charles Wyble [mailto:char...@thewybles.com] Sent: Thursday, March 12, 2009 12:40 PM To: Thomas P. Galla Cc: nanog@nanog.org Subject: Re: microsoft please contact me off list You are getting dossed from a Microsoft network range? Really? Perhaps they got bit by a worm targeting windows systems? :) Thomas P. Galla wrote: Sorry I am getting dos attacked from below and it would be nice if microsoft working abuse ph# or noc# or a name ? Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 -Original Message- From: Thomas P. Galla [mailto:t...@bluegrass.net] Sent: Thursday, March 12, 2009 3:24 PM To: nanog@nanog.org Subject: microsoft please contact me off list Can a person in charge contact me off list mail:~ $ whois -h whois.arin.net 131.107.65.41 OrgName: Microsoft Corp OrgID: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US NetRange: 131.107.0.0 - 131.107.255.255 CIDR: 131.107.0.0/16 NetName: MICROSOFT NetHandle: NET-131-107-0-0-1 Parent: NET-131-0-0-0-0 NetType: Direct Assignment NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET Comment: RegDate: 1988-11-11 Updated: 2004-12-09 RTechHandle: ZM39-ARIN RTechName: Microsoft RTechPhone: +1-425-882-8080 RTechEmail: ...@microsoft.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@hotmail.com OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: ...@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: ipr...@microsoft.com # ARIN WHOIS database, last updated 2009-03-11 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. mail:~ $ whois -h whois.arin.net 131.107.65.41 Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00 -- Charles N Wyble char...@thewybles.com (818)280-7059 http://charlesnw.blogspot.com CTO SocalWiFI.net
Re: microsoft please contact me off list
Yes I agree. I forgot to do the *raises an incredulous eyebrow* bit. :) By the way try calling that number and reaching an operator then asking for the NOC. chris.ra...@nokia.com wrote: More likely spoofed sources. Good luck.
Re: microsoft please contact me off list
On Thu, 12 Mar 2009 12:40:06 PDT, Charles Wyble said: You are getting dossed from a Microsoft network range? Really? Perhaps they got bit by a worm targeting windows systems? :) You mean like this? http://www.theregister.co.uk/2001/07/20/code_red_bug_hits_microsoft/ (To be fair, screw-ups happen at *all* vendors eventually - the RedHat/Fedora crew had a small whoops! with the system that digitally signs their RPM packages a while ago. Just proves that security is harder to get right than a lot of people think...) pgpGWyhwKXmWq.pgp Description: PGP signature
Re: microsoft please contact me off list
In our case we didn't bother with where it was coming from - our router guy figured out where it was going to - and had that IP shut down a couple levels away from us. Thomas P. Galla wrote: Sorry I am getting dos attacked from below and it would be nice if microsoft working abuse ph# or noc# or a name ? Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 -Original Message- From: Thomas P. Galla [mailto:t...@bluegrass.net] Sent: Thursday, March 12, 2009 3:24 PM To: nanog@nanog.org Subject: microsoft please contact me off list Can a person in charge contact me off list mail:~ $ whois -h whois.arin.net 131.107.65.41 OrgName:Microsoft Corp OrgID: MSFT Address:One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country:US NetRange: 131.107.0.0 - 131.107.255.255 CIDR: 131.107.0.0/16 NetName:MICROSOFT NetHandle: NET-131-107-0-0-1 Parent: NET-131-0-0-0-0 NetType:Direct Assignment NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET Comment: RegDate:1988-11-11 Updated:2004-12-09 RTechHandle: ZM39-ARIN RTechName: Microsoft RTechPhone: +1-425-882-8080 RTechEmail: n...@microsoft.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@hotmail.com OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: n...@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: ipr...@microsoft.com # ARIN WHOIS database, last updated 2009-03-11 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. mail:~ $ whois -h whois.arin.net 131.107.65.41 Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00 -- Jeff Shultz
FYI RE: microsoft please contact me off list
Here is what I got back OBTW thanx Thomas = Sent: Thursday, March 12, 2009 4:22 PM To: Thomas P. Galla Subject: FW: microsoft please contact me off list Importance: High Thomas, I work in the research group managing the network range that you are reporting. Your network could be randomly included Honeymonkey(http://en.wikipedia.org/wiki/HoneyMonkey) or another research project(http://research.microsoft.com/en-us/um/redmond/projects/strider). Could you give me more details on what you are seeing or the IP range on your side that is being hit? Thx Steve Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 -Original Message- From: Thomas P. Galla [mailto:t...@bluegrass.net] Sent: Thursday, March 12, 2009 3:35 PM To: nanog@nanog.org Subject: RE: microsoft please contact me off list Sorry I am getting dos attacked from below and it would be nice if microsoft working abuse ph# or noc# or a name ? Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 -Original Message- From: Thomas P. Galla [mailto:t...@bluegrass.net] Sent: Thursday, March 12, 2009 3:24 PM To: nanog@nanog.org Subject: microsoft please contact me off list Can a person in charge contact me off list mail:~ $ whois -h whois.arin.net 131.107.65.41 OrgName:Microsoft Corp OrgID: MSFT Address:One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country:US NetRange: 131.107.0.0 - 131.107.255.255 CIDR: 131.107.0.0/16 NetName:MICROSOFT NetHandle: NET-131-107-0-0-1 Parent: NET-131-0-0-0-0 NetType:Direct Assignment NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET Comment: RegDate:1988-11-11 Updated:2004-12-09 RTechHandle: ZM39-ARIN RTechName: Microsoft RTechPhone: +1-425-882-8080 RTechEmail: n...@microsoft.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@hotmail.com OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: n...@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: ipr...@microsoft.com # ARIN WHOIS database, last updated 2009-03-11 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. mail:~ $ whois -h whois.arin.net 131.107.65.41 Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00
Re: FYI RE: microsoft please contact me off list
What were the traffic characteristics that lead you to believe you were under a DDOS attack? Thomas P. Galla wrote: Here is what I got back OBTW thanx Thomas = Sent: Thursday, March 12, 2009 4:22 PM To: Thomas P. Galla Subject: FW: microsoft please contact me off list Importance: High Thomas, I work in the research group managing the network range that you are reporting. Your network could be randomly included Honeymonkey(http://en.wikipedia.org/wiki/HoneyMonkey) or another research project(http://research.microsoft.com/en-us/um/redmond/projects/strider). Could you give me more details on what you are seeing or the IP range on your side that is being hit? Thx Steve Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 -Original Message- From: Thomas P. Galla [mailto:t...@bluegrass.net] Sent: Thursday, March 12, 2009 3:35 PM To: nanog@nanog.org Subject: RE: microsoft please contact me off list Sorry I am getting dos attacked from below and it would be nice if microsoft working abuse ph# or noc# or a name ? Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 -Original Message- From: Thomas P. Galla [mailto:t...@bluegrass.net] Sent: Thursday, March 12, 2009 3:24 PM To: nanog@nanog.org Subject: microsoft please contact me off list Can a person in charge contact me off list mail:~ $ whois -h whois.arin.net 131.107.65.41 OrgName:Microsoft Corp OrgID: MSFT Address:One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country:US NetRange: 131.107.0.0 - 131.107.255.255 CIDR: 131.107.0.0/16 NetName:MICROSOFT NetHandle: NET-131-107-0-0-1 Parent: NET-131-0-0-0-0 NetType:Direct Assignment NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET Comment: RegDate:1988-11-11 Updated:2004-12-09 RTechHandle: ZM39-ARIN RTechName: Microsoft RTechPhone: +1-425-882-8080 RTechEmail: n...@microsoft.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@hotmail.com OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: ab...@msn.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: n...@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: ipr...@microsoft.com # ARIN WHOIS database, last updated 2009-03-11 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. mail:~ $ whois -h whois.arin.net 131.107.65.41 Thomas P Galla t...@bluegrass.net BluegrassNet Voice (502) 589.INET [4638] Fax 502-315-0581 321 East Breckinridge St Louisville KY 40203 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00 No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 20:42:00 -- Charles N Wyble char...@thewybles.com (818)280-7059 http://charlesnw.blogspot.com CTO SocalWiFI.net