Is anyone seeing large numbers of dictionary attacks from 20.42.100.251 (which is owned by Microsoft)? I'm curious if they're engaging in large-scale targeting.
I'm seeing more than 2,000 attempts daily from 20.42.100.251 against mail account local-parts like "test" and "teste" and "testes" (I kid you not) in various domains. (The offending IP address has earned a spot in my block-and-forget list.)

The passwords they're attempting are typically matching the local part, and with various 4-digit numbers added -- they seem to be trying passwords for various years, covering ranges like "test1900" through "test2023" and so on.

UCE-PROTECT (levels 1 and 2) have them blacklisted (and I agree with their decision to blacklist them).

In case anyone's curious, browsing to the IP address yields only the default Ubuntu Linux web page from a fresh install of Apache HTTPd.

P.S.: I don't bother reporting abuse directly to Microsoft anymore because in the past they just bounced every message sent to their postmaster@ and abuse@ accounts. I'm also not interested in spending the time required to fill out their long web-based reporting forms (I don't have time for that).

--
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
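An added example, not part of the original post: a Python sketch of two defensive checks for the pattern described above, one that rejects passwords equal to the local-part with an optional 4-digit suffix, and one that flags source IPs by daily failed-login volume. The log line format, the function names and the thresholds are assumptions made for illustration; the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Hypothetical log format (an assumption, not any particular mail server's):
#   <ISO date>T<time>Z auth-fail ip=<addr> user=<local>@<domain>
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ auth-fail ip=(?P<ip>\S+) "
    r"user=(?P<local>[^@\s]+)@(?P<domain>\S+)$"
)


def weak_password(address: str, password: str) -> bool:
    """True if password is the local-part, optionally followed by 4 digits."""
    local = address.split("@", 1)[0].lower()
    pattern = re.escape(local) + r"(\d{4})?"
    return re.fullmatch(pattern, password.lower()) is not None


def dictionary_sources(lines, min_failures=2000, min_domains=2):
    """Return {(day, ip): (failures, domains)} for sources over both thresholds."""
    failures = defaultdict(int)
    domains = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an auth-failure line in the assumed format
        key = (m["day"], m["ip"])
        failures[key] += 1
        domains[key].add(m["domain"].lower())
    return {
        k: (n, len(domains[k]))
        for k, n in failures.items()
        if n >= min_failures and len(domains[k]) >= min_domains
    }


# Constructed sample data: documentation-range IPs and example domains.
SAMPLE = [
    f"2023-05-01T00:{i // 60:02d}:{i % 60:02d}Z auth-fail ip=192.0.2.10 "
    f"user={('test', 'teste', 'testes')[i % 3]}@example.{('com', 'net')[i % 2]}"
    for i in range(2400)
] + ["2023-05-01T09:15:00Z auth-fail ip=198.51.100.7 user=alice@example.com"]

if __name__ == "__main__":
    for (day, ip), (n, d) in dictionary_sources(SAMPLE).items():
        print(f"{day} {ip}: {n} failures across {d} domains")
    print(weak_password("test@example.com", "test2023"))
```

The password check is meant to run when a user sets or changes a password, and the per-day, per-IP result can feed a block list.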