ALERT M$ hacking my box?

[mbellot]

I've noticed a fair bit of fail2ban activity happening on one specific IP address... 138.91.169.87

Fail2Ban runs a whois automatically and it comes back as belonging to our dear friends in Redmond.

Probably someone spoofing the address, but just curious if anyone has noticed similar activity.

 

[Trimline2]

I have a 3CX test box setup with the Skype module attached and see a lot of these using BeeThink IP Blocker (whitelist for windows) - do you have Skype on this machine?

 

[mbellot]

I have a 3CX test box setup with the Skype module attached and see a lot of these using BeeThink IP Blocker (whitelist for windows) - do you have Skype on this machine?

Nope, don't use Skype and it's not installed on any PC in the house that I'm aware of... And there is only one PC infected with iTunes.

I've upped my ban times from 30 minutes to six hours, we'll see if that deters whoever it is that's poking around.

 

[Hyksos]

What's so special here? It's like posting a random ip you found in your logs and asking if anybody else has noticed this ip or range hitting their box?
If you manually review the IPs scanning your public ip to take manual actions against them, you're doing something wrong. If you expose services without a whitelist, you're going to receive traffic... that's for sure.