Microsoft IPs?
Just wondering, but on our work BBS there is an IP address that seems to regularly connect (as a guest). The WHOIS suggests that the source is Microsoft, but is it "the great entity itself" or just one of their subscribers to some service or ISP that they provide?
Lookup posted below (with the actual IP obscured).
Cheers,
mb
Code:
whois -h whois.arin.net 207.46.xxx.zzz
Comment:
# ARIN WHOIS database, last updated 2005-10-03 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
RegDate: 1997-03-31
Updated: 2004-12-09
TechHandle: ZM39-ARIN
TechName: Microsoft
TechPhone: +1-425-882-8080
TechEmail: noc@microsoft.com
OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@msn.com
OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: noc@microsoft.com
OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: iprrms@microsoft.com
That is a legit MS IP range... My guess is a bored employee or trawling MS bot... Anyone who has a Hotmail account should know what I mean, as all email passing through Hotmail is scanned and worked on by the many machines at MS...
forseti,
Could be an MS bot, as we already have GoogleBots appearing in the logs.
Shame the IP range is sooo big to help identify any specifics. Any thoughts on how to "spot bots" (e.g. specific strings in text strings to match search engine lookups)??
mb
Hi Boomer,
You could span the port and sniff some traffic for a while if the person or bot logs on or accesses the site regularly enough. Then you can baseline and profile the connection to see what they are doing. Then if you are really keen you could attempt a scan of the IP to see what OS/browser it is running and that will give you some idea either way...
Originally Posted by unfeasablylargegonads
Try an nslookup on the IP address; perhaps the DNS name may give you a clue.
I'll give that a try next time (forgot to save the whole IP after obscuration - doh!).
Cheers,
mb
Originally Posted by forseti
Hi Boomer,
You could span the port and sniff some traffic for a while if the person or bot logs on or accesses the site regularly enough. Then you can baseline and profile the connection to see what they are doing. Then if you are really keen you could attempt a scan of the IP to see what OS/browser it is running and that will give you some idea either way...
Trouble is that our forum is hosted at an ISP, and we only have limited logs (e.g. what phpBB provides) - let alone sniffing ports (much better to drink)
Cheers,
mb
Originally Posted by unfeasablylargegonads
Try an nslookup on the IP address; perhaps the DNS name may give you a clue.
Managed to try out your suggestion and hey presto - "msnbot.msn.com"
They have been particularly active over the last few days, and yet we haven't seen any GoogleBots for a while.
Cheers,
mb
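The reverse lookup that settled this thread can be run over every guest IP in the forum logs. The following is an added example, not code from the thread or from phpBB: it classifies a logged IP by its PTR name and then confirms that the name resolves back to the same address. The suffix list, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumed suffix list: msn.com comes from the thread's result (msnbot.msn.com);
# googlebot.com is the domain Google's crawler hosts reverse-resolve to.
CRAWLER_SUFFIXES = {"msn.com": "msnbot", "googlebot.com": "googlebot"}


def _ptr(ip):
    """Reverse (PTR) lookup; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def _forward(host):
    """Forward (A) lookup; returns a list of IPv4 addresses (possibly empty)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []


def classify(ip, ptr=_ptr, forward=_forward):
    """Return (label, hostname); a crawler name counts only if it resolves back to ip."""
    ipaddress.ip_address(ip)  # raises ValueError on malformed log entries
    host = ptr(ip)
    if not host:
        return ("no-ptr", None)
    host = host.rstrip(".").lower()
    for suffix, bot in CRAWLER_SUFFIXES.items():
        # Match on a label boundary so "googlebot.com.example.net" does not pass.
        if host == suffix or host.endswith("." + suffix):
            # The PTR record is set by whoever controls the address block,
            # so confirm it with a forward lookup before trusting the name.
            if ip in forward(host):
                return (bot, host)
            return ("unconfirmed-" + bot, host)
    return ("other", host)


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), not from the thread.
    ptr_table = {"192.0.2.10": "msnbot.msn.com", "198.51.100.7": "msnbot.msn.com",
                 "203.0.113.5": "crawl-1.googlebot.com.example.net"}
    fwd_table = {"msnbot.msn.com": ["192.0.2.10"]}
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(addr, classify(addr, ptr_table.get, lambda h: fwd_table.get(h, [])))
```

Called with the default arguments, `classify` uses live DNS; the injected lookup tables are only there so the sample runs offline.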