Just got 2 notifications that one of Microsoft's IP has been temporarily and then permanently blocked for port scanning?
131.107.0.114 (US/United States/tide544.microsoft.com)
Should we unblock it?
Printable View
Just got 2 notifications that one of Microsoft's IP has been temporarily and then permanently blocked for port scanning?
131.107.0.114 (US/United States/tide544.microsoft.com)
Should we unblock it?
Quite easy to set false rDNS entries. Leave it.
While it is easy to fake rDNS entries its not so easy to fake the owner of the IP RANGE it belongs to.
http://www.networksolutions.com/whoi...=131.107.0.114
i belive its for hotmail.
Or not.....
Quote:
tim@xenon:~$ jwhois 131.107.0.114
[Querying whois.arin.net]
[whois.arin.net]
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 131.107.0.0 - 131.107.255.255
CIDR: 131.107.0.0/16
NetName: MICROSOFT
NetHandle: NET-131-107-0-0-1
Parent: NET-131-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate: 1988-11-11
Updated: 2004-12-09
So what is the consensus here?
It looks like Microsoft, but it may not really matter if you unblock it.
Trace Routes. It appears to be sitting on Microsoft's Servers, but the pings to some of those servers are really high, so I can't tell.
Quote:
Tracing route to tide544.microsoft.com [131.107.0.114]
over a maximum of 30 hops:
1 <1 ms 1 ms <1 ms 192.168.254.254
2 * * * Request timed out.
3 50 ms 143 ms 124 ms alma-gw-rtr1.accessatc.net [216.81.96.1]
4 115 ms 105 ms 103 ms gi1-30.mpd01.atl04.atlas.cogentco.com [38.104.18
3.5]
5 107 ms 117 ms 135 ms te7-4.mpd01.atl01.atlas.cogentco.com [154.54.3.1
73]
6 387 ms 390 ms 365 ms te7-3.ccr02.atl01.atlas.cogentco.com [154.54.28.
57]
7 282 ms 325 ms 277 ms te8-1.ccr01.mia01.atlas.cogentco.com [154.54.26.
10]
8 193 ms 218 ms 123 ms te4-3.ccr01.mia03.atlas.cogentco.com [154.54.2.1
54]
9 322 ms 183 ms 161 ms 198.32.124.189
10 414 ms 367 ms 402 ms 207.46.43.234
11 406 ms 397 ms 398 ms 207.46.43.190
12 435 ms 413 ms 491 ms ge-0-1-0-0.wst-64cb-1a.ntwk.msn.net [207.46.43.1
95]
13 949 ms 1117 ms 889 ms ge-0-2-0-0.tuk-64cb-1b.ntwk.msn.net [207.46.47.7
0]
14 828 ms 647 ms 682 ms ge-7-0-0-0.tuk-64cb-1a.ntwk.msn.net [207.46.47.6
8]
15 681 ms 656 ms 641 ms vlan54.tuk-76e-1.ntwk.msn.net [207.46.46.24]
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * ^C
We just don't want to deny Bing or MSN search for any reason. Why have their servers been port scanning us for weeks? Whatever they did, CSF / LFD ended up blocking this IP permanently. Should we unblock?
It seems this is above serious issue. Microsoft port scanning other ip's ?? something's not right here
May apply to you.
http://technet.microsoft.com/en-us/l.../cc512655.aspx
Pretty informative , thankyou