Ok so the subject may be a little inflammatory, but 5 of these scans over the past couple days and I have logs going back to months with many more. This particular ip is in hosts.deny now and any more and I think I should just place the entire microsoft.com domain in there as well.
Just seems a little strange and too consistent. Any thoughts from the conspiracy theoriists =-=-=-=-=-=-=-=-=-=-=-= Sun Jun 15 21:31:02 2003 =-=-=-=-=-=-=-=-=-=-=-= -**- psad: Suspicious traffic detected against anit426zy31fi.ab.hsia.telus.net (209.89.238.43). Source: 65.54.240.61 Source DNS: [No reverse dns info available] Destination: 209.89.238.43 Danger level: [1] (out of 5) Current interval: Sun Jun 15 21:30:57 2003 (start) Sun Jun 15 21:31:02 2003 (end) Scanned UDP ports: [1043-2962: 5 pkts, Nmap: -sU] Overall stats since: Wed Jun 11 19:54:17 2003 Complete UDP range: [1043-2962] Total TCP packets: 0 Total UDP packets: 5 Total ICMP packets: 0 ---- Whois Information: ---- OrgName: Microsoft Corp OrgID: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US NetRange: 65.52.0.0 - 65.55.255.255 CIDR: 65.52.0.0/14 NetName: MICROSOFT-1BLK NetHandle: NET-65-52-0-0-1 Parent: NET-65-0-0-0-0 NetType: Direct Assignment NameServer: DNS1.CP.MSFT.NET NameServer: DNS2.CP.MSFT.NET NameServer: DNS1.TK.MSFT.NET NameServer: DNS1.DC.MSFT.NET NameServer: DNS1.SJ.MSFT.NET Comment: RegDate: 2001-02-14 Updated: 2002-12-05 TechHandle: ZM23-ARIN TechName: Microsoft Corporation TechPhone: +1-425-882-8080 TechEmail: [EMAIL PROTECTED] OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: [EMAIL PROTECTED] OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: [EMAIL PROTECTED] OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: [EMAIL PROTECTED] # ARIN WHOIS database, last updated 2003-06-14 21:05 # Enter ? for additional hints on searching ARIN's WHOIS database. =-=-=-=-=-=-=-=-=-=-=-= Sun Jun 15 21:31:02 2003 =-=-=-=-=-=-=-=-=-=-=-= <hr> <b><font color=blue size=4>Open Enterprise Solutions</font> <font color=red>Linux & Open Source Solutions for Business</font></b> Johnny Stork, B.A. Calgary, AB <a href="http://www.openenterprise.ca";> www.openenterprise.ca</a>
