Hacked By Microsoft?


This morning someone tried to make SIP calls through my Asterisk. My server just dropped these calls and recorded them in the CDR with the IP address:

1. 2012-11-28 06:30:51 SIP/216… 1000 “1000” <1000> hangup
999011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
2. 2012-11-28 06:30:49 SIP/216… 1000 “1000” <1000> Hangup
88011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
3. 2012-11-28 06:30:46 SIP/216… 1000 “1000” <1000> Answer
99011972592249388 ANSWERED 00:02
4. 2012-11-28 06:30:43 SIP/216… 1000 “1000” <1000> Answer
1011972592249388 ANSWERED 00:02
5. 2012-11-28 06:30:39 SIP/216… 1000 “1000” <1000> Hangup
2011972592249388 ANSWERED 00:00 Hacker: 168.63.67.239
6. 2012-11-28 06:30:33 SIP/216… 1000 “1000” <1000> Hangup
7011972592249388 ANSWERED 00:01 Hacker: 168.63.67.239
7. 2012-11-28 06:30:30 SIP/216… 1000 “1000” <1000> Answer
8011972592249388 ANSWERED 00:03
8. 2012-11-28 06:30:27 SIP/216… 1000 “1000” <1000> Hangup
9011972592249388 ANSWERED 00:06 Hacker: 168.63.67.239
9. 2012-11-28 06:30:25 SIP/216… 1000 “1000” <1000> Answer
011972592249388 ANSWERED 00:07

Now I noticed something interesting: The hacker’s IP address: 168.63.67.239

whois gave me:
NetRange: 168.61.0.0 – 168.63.255.255
CIDR: 168.61.0.0/16, 168.62.0.0/15
OriginAS:
NetName: MSFT-EP
NetHandle: NET-168-61-0-0-1
Parent: NET-168-0-0-0-0
NetType: Direct Assignment
RegDate: 2011-06-22
Updated: 2012-10-16
Ref: http://whois.arin.net/rest/net/NET-168-61-0-0-1

OrgName: Microsoft Corp
OrgId: MSFT-Z
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 2011-06-22
Updated: 2011-06-22
Ref: http://whois.arin.net/rest/org/MSFT-Z

Hmmmmmmm… Did I just get hacked by Micro$oft?

Gao
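
The dialed numbers in the CDR listing above all end in the same digits and differ only in what is put in front of them. As an added example (not part of the original post), this Python function flags that pattern per source address; the timestamps and dialed numbers are taken from the listing, while the source addresses, the extra "normal" calls and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# (timestamp, source IP, dialed number). Source IPs are constructed placeholders.
SAMPLE_CDR = [
    ("2012-11-28 06:30:25", "203.0.113.10", "011972592249388"),
    ("2012-11-28 06:30:27", "203.0.113.10", "9011972592249388"),
    ("2012-11-28 06:30:30", "203.0.113.10", "8011972592249388"),
    ("2012-11-28 06:30:33", "203.0.113.10", "7011972592249388"),
    ("2012-11-28 06:30:39", "203.0.113.10", "2011972592249388"),
    ("2012-11-28 06:30:43", "203.0.113.10", "1011972592249388"),
    ("2012-11-28 06:30:46", "203.0.113.10", "99011972592249388"),
    ("2012-11-28 06:30:49", "203.0.113.10", "88011972592249388"),
    ("2012-11-28 06:30:51", "203.0.113.10", "999011972592249388"),
    # Constructed ordinary traffic: same number redialed, no prefix variation.
    ("2012-11-28 06:31:00", "198.51.100.20", "15551230001"),
    ("2012-11-28 06:31:20", "198.51.100.20", "15551230001"),
]

def find_prefix_probes(records, suffix_len=10, min_variants=4,
                       window=timedelta(seconds=60)):
    """Return {(source, suffix): sorted distinct numbers} where one source
    dialed >= min_variants different numbers sharing a suffix within window."""
    groups = defaultdict(list)
    for ts, src, dialed in records:
        digits = "".join(c for c in dialed if c.isdigit())
        if len(digits) <= suffix_len:
            continue  # no leading digits left to vary
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        groups[(src, digits[-suffix_len:])].append((when, digits))
    hits = {}
    for key, calls in groups.items():
        calls.sort()
        start, best = 0, set()
        for end in range(len(calls)):
            # Slide the window start forward until it spans <= window.
            while calls[end][0] - calls[start][0] > window:
                start += 1
            variants = {d for _, d in calls[start:end + 1]}
            if len(variants) > len(best):
                best = variants
        if len(best) >= min_variants:
            hits[key] = sorted(best)
    return hits

if __name__ == "__main__":
    for (src, suffix), numbers in find_prefix_probes(SAMPLE_CDR).items():
        print(f"{src}: {len(numbers)} prefix variants ending in {suffix}")
```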

3 thoughts on - Hacked By Microsoft?

  • You’re not serious, right?

    That is just the center of the country since no better location is available.

  • I would put it in the North East. In or around New York. With some questionable routing towards the end of its journey.

    $ traceroute 168.63.67.239
    traceroute to 168.63.67.239 (168.63.67.239), 64 hops max, 40 byte packets
    1 49.b167.bendtel.net (66.39.167.49) 0.402 ms 0.345 ms 0.320 ms
    2 g0-0-0.c1.sea1.bendtel.net (66.39.191.30) 9.896 ms 9.862 ms 9.919 ms
    3 six2.microsoft.com (206.81.80.68) 436.893 ms 297.630 ms 211.67 ms
    4 ge-1-3-0-57.wst-64cb-1b.ntwk.msn.net (207.46.46.39) 9.850 ms 9.917 ms 9.909 ms
    5 xe-0-2-1-0.co1-96c-1a.ntwk.msn.net (207.46.45.216) 14.10 ms 14.37 ms 13.984 ms
    6 ge-7-2-0-0.co1-64c-1b.ntwk.msn.net (207.46.40.166) 14.938 ms 15.28 ms 15.75 ms
    7 ge-2-0-0-0.nyc-64cb-1a.ntwk.msn.net (207.46.40.91) 83.664 ms 83.821 ms 83.744 ms
    8 207.46.45.231 (207.46.45.231) 172.135 ms 160.999 ms 159.25 ms
    9 xe-3-0-0-0.db3-96c-1b.ntwk.msn.net (207.46.42.33) 160.677 ms 158.852 ms 158.812 ms
    10 10.22.179.127 (10.22.179.127) 160.594 ms 10.22.178.195 (10.22.178.195) 157.664 ms 10.175.44.3 (10.175.44.3) 160.500 ms
    11 10.175.46.247 (10.175.46.247) 159.802 ms 159.636 ms 10.175.46.201 (10.175.46.201) 158.802 ms
    12 *^C