Is anyone seeing large numbers of dictionary attacks from
20.42.100.251 (which is owned by Microsoft)? I'm curious if they're
engaging in large-scale targeting.

I'm seeing more than 2,000 attempts daily from 20.42.100.251 against
mail account local-parts like "test" and "teste" and "testes" (I kid
you not) in various domains. (The offending IP address has earned a
spot in my block-and-forget list.)

The passwords they're attempting are typically matching the local
part, and with various 4-digit numbers added -- they seem to be
trying passwords for various years, covering ranges like "test1900"
through "test2023" and so on.

UCE-PROTECT (levels 1 and 2) have them blacklisted (and I agree with
their decision to blacklist them).

In case anyone's curious, browsing to the IP address yields only the
default Ubuntu Linux web page from a fresh install of Apache HTTPd.

P.S.: I don't bother reporting abuse directly to Microsoft anymore
because in the past they just bounced every message sent to their
postmaster@ and abuse@ accounts. I'm also not interested in spending
the time required to fill out their long web-based reporting forms (I
don't have time for that).

--
Postmaster - [email protected]
Randolf Richardson, CNA - [email protected]
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
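
An added example, not part of the original message: one way to spot the pattern described above in failed-login logs and to reject mailbox passwords of the "local part plus 4 digits" form. The log format, function names, thresholds and the 192.0.2.10 address are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Hypothetical log format (constructed for this example, not a real MTA's):
#   <ISO timestamp> auth-fail ip=<addr> user=<local>@<domain>
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ auth-fail ip=(\S+) user=([^@\s]+)@(\S+)$")

def is_guessable(local_part, password):
    """True if password is the local part, optionally plus 4 digits (e.g. test2023)."""
    pattern = re.escape(local_part) + r"(\d{4})?"
    return re.fullmatch(pattern, password, re.IGNORECASE) is not None

def daily_failures(lines):
    """Return {(day, ip): {"count": n, "accounts": set of user@domain}}."""
    stats = defaultdict(lambda: {"count": 0, "accounts": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a failed-login line
        day, ip, local, domain = m.groups()
        entry = stats[(day, ip)]
        entry["count"] += 1
        entry["accounts"].add(f"{local}@{domain}".lower())
    return stats

def block_candidates(lines, min_failures=5, min_accounts=3):
    """IPs with many failures spread over several accounts within one day."""
    return sorted({ip for (day, ip), e in daily_failures(lines).items()
                   if e["count"] >= min_failures and len(e["accounts"]) >= min_accounts})

# Constructed sample: one noisy source, plus one user who mistyped a password twice.
SAMPLE = [
    "2023-05-01T00:00:01Z auth-fail ip=20.42.100.251 user=test@example.org",
    "2023-05-01T00:00:02Z auth-fail ip=20.42.100.251 user=test@example.org",
    "2023-05-01T00:00:03Z auth-fail ip=20.42.100.251 user=teste@example.org",
    "2023-05-01T00:00:04Z auth-fail ip=20.42.100.251 user=testes@example.org",
    "2023-05-01T00:00:05Z auth-fail ip=20.42.100.251 user=test@example.net",
    "2023-05-01T00:00:06Z auth-fail ip=20.42.100.251 user=teste@example.org",
    "2023-05-01T09:14:40Z auth-fail ip=192.0.2.10 user=alice@example.org",
    "2023-05-01T09:14:55Z auth-fail ip=192.0.2.10 user=alice@example.org",
]

if __name__ == "__main__":
    print(block_candidates(SAMPLE))
    print(is_guessable("test", "test2023"))
```

Requiring failures across several distinct accounts keeps a single user's repeated typos from being flagged; the thresholds here are sized for the sample and would be far higher for a real day's log.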