Microsoft IPs?
#1
Scooby Senior
Thread Starter
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763
Likes: 0
Received 0 Likes
on
0 Posts
Microsoft IPs?
Just wondering, but on our work BBS there is an IP address that seems to regularly connect (as a guest). The WHOIS suggests that the source is Microsoft, but it is "the great entity itself" or just one of their subscribers to some service or ISP that they provide????
Lookup posted below (with the actual IP obscured).
Cheers,
mb
Lookup posted below (with the actual IP obscured).
Cheers,
mb
Code:
whois -h whois.arin.net 207.46.xxx.zzz Comment: # ARIN WHOIS database, last updated 2005-10-03 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. OrgName: Microsoft Corp OrgID: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US NetRange: 207.46.0.0 - 207.46.255.255 CIDR: 207.46.0.0/16 NetName: MICROSOFT-GLOBAL-NET NetHandle: NET-207-46-0-0-1 Parent: NET-207-0-0-0-0 NetType: Direct Assignment NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET RegDate: 1997-03-31 Updated: 2004-12-09 TechHandle: ZM39-ARIN TechName: Microsoft TechPhone: +1-425-882-8080 TechEmail: noc@microsoft.com OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@hotmail.com OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@msn.com OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@microsoft.com OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: noc@microsoft.com OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: iprrms@microsoft.com
#2
that is a legit MS IP range... My guess is bored employee or trawling MS bot... Anyone who has a hotmail account should know what I mean as all email passing through hotmail is scanned and worked on by the many machines at MS...
#3
Scooby Senior
Thread Starter
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763
Likes: 0
Received 0 Likes
on
0 Posts
forseti,
Could be an MS bot, as we already have GoogleBots appearing in the logs.
Shame the IP range is sooo big to help identify any specifics. Any thoughts on how to "spot bots" (e.g. specific strings in text strings to match search engine lookups)??
mb
Could be an MS bot, as we already have GoogleBots appearing in the logs.
Shame the IP range is sooo big to help identify any specifics. Any thoughts on how to "spot bots" (e.g. specific strings in text strings to match search engine lookups)??
mb
#5
Hi Boomer,
You could span the port and sniff some traffic for a while if the person or bot logs on or accesses the site regularly enough. Then you can baseline and profile the connection to see what they are doing. Then if you are really keen you could attempt a scan of the IP to see what OS/browser it is running and that will give you some idea either way...
You could span the port and sniff some traffic for a while if the person or bot logs on or accesses the site regularly enough. Then you can baseline and profile the connection to see what they are doing. Then if you are really keen you could attempt a scan of the IP to see what OS/browser it is running and that will give you some idea either way...
#6
Scooby Senior
Thread Starter
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by unfeasablylargegonads
try an nslookup on the Ip addres prehaps the DNS name may give you a clue
i'll give that a try next time (forgot to save the whole IP after obscuration - doh!).
Cheers,
mb
#7
Scooby Senior
Thread Starter
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by forseti
Hi Boomer,
You could span the port and sniff some traffic for a while if the person or bot logs on or accesses the site regularly enough. Then you can baseline and profile the connection to see what they are doing. Then if you are really keen you could attempt a scan of the IP to see what OS/browser it is running and that will give you some idea either way...
You could span the port and sniff some traffic for a while if the person or bot logs on or accesses the site regularly enough. Then you can baseline and profile the connection to see what they are doing. Then if you are really keen you could attempt a scan of the IP to see what OS/browser it is running and that will give you some idea either way...
trubble is that our forum is hosted at an ISP, and we only have limited logs (e.g. what phpBB provides) - let alone sniffing ports (much better to drink )
Cheers,
mb
Trending Topics
#10
Scooby Senior
Thread Starter
Join Date: Feb 2000
Location: West Midlands
Posts: 5,763
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by unfeasablylargegonads
try an nslookup on the Ip addres prehaps the DNS name may give you a clue
Managed to try out your suggestion and hey presto - "msnbot.msn.com"
They have been particularly active over the last few days, and yet we haven't seen any GoogleBots for a while.
Cheers,
mb
Thread
Thread Starter
Forum
Replies
Last Post
ptholt
Computer & Technology Related
3
02 December 2002 02:02 PM
paulmon
Non Scooby Related
1
07 December 2001 02:29 PM