Abusive traffic from Microsoft China?

Just wondering if anyone else is seeing huge random
floods of traffic from:

inetnum: 202.96.51.128 - 202.96.51.255
netname: MICROSOFT-CO
descr: Microsft (China) Co.Ltd
country: CN
admin-c: CH455-AP
tech-c: SY21-AP
mnt-by: MAINT-CNCGROUP-BJ
changed: suny@publicf.bta.net.cn 20060926
status: ALLOCATED NON-PORTABLE
source: APNIC
changed: suny@publicf.bta.net.cn 20060926

On a nearly daily basis we see them randomly open
thousands of connections from a variety of addresses
in that block to multiple servers. I've emailed
of course but that results in nothing. Probably
will just end up blocking them.

Thanks,

David

Looks fishy. Why would a company the size of Microsoft register a
single /25? I doubt MS really owns that block. Sounds more like a
hacker playground to me.

Chuck

> Looks fishy. Why would a company the size of Microsoft register a
> single /25? I doubt MS really owns that block. Sounds more like a

They have a small office there serviced by a dsl link to the local
telco (CNCGroup)... This happens all the time.

> hacker playground to me.

maybe, probably not though.

Yeah.. I would nmap it, see what's there and check for web sites etc.

Also check revdns/fwddns for the address space and see if they match and
have microsoft registered domains.
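
The reverse/forward DNS comparison suggested above, as an added example that is not part of the original thread. The accepted domain suffixes, the 192.0.2.0/30 documentation block and all hostnames in the sample data are assumptions constructed for illustration; pass your own block to `survey()` to use the system resolver.

```python
import ipaddress
import socket

# Assumption: suffixes accepted as Microsoft-registered; not taken from the thread.
EXPECTED_SUFFIXES = (".microsoft.com", ".msn.com")

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def system_forward(name):
    """Forward (A/AAAA) lookup via the system resolver; set of address strings."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_fcrdns(ip, ptr=system_ptr, forward=system_forward, suffixes=EXPECTED_SUFFIXES):
    """Return (verdict, name): no-ptr, mismatch, other-domain or confirmed."""
    name = ptr(ip)
    if not name:
        return "no-ptr", None
    name = name.rstrip(".").lower()
    addrs = {ipaddress.ip_address(a) for a in forward(name)}
    if ipaddress.ip_address(ip) not in addrs:
        # The PTR is set by whoever runs the reverse zone, so an unconfirmed
        # name proves nothing about who owns the address.
        return "mismatch", name
    if not ("." + name).endswith(suffixes):
        return "other-domain", name
    return "confirmed", name

def survey(cidr, **resolvers):
    """Run the check over every address in a block."""
    return {str(ip): check_fcrdns(str(ip), **resolvers) for ip in ipaddress.ip_network(cidr)}

# Constructed resolver data (documentation addresses, made-up hostnames).
SAMPLE_PTR = {"192.0.2.1": "crawl-1.search.msn.com.",
              "192.0.2.2": "mail.microsoft.com",
              "192.0.2.3": "dsl-3.isp.example"}
SAMPLE_FWD = {"crawl-1.search.msn.com": {"192.0.2.1"},
              "mail.microsoft.com": {"198.51.100.7"},
              "dsl-3.isp.example": {"192.0.2.3"}}

if __name__ == "__main__":
    fwd = lambda name: SAMPLE_FWD.get(name, set())
    for ip, result in survey("192.0.2.0/30", ptr=SAMPLE_PTR.get, forward=fwd).items():
        print(ip, *result)
```
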

> Looks fishy. Why would a company the size of Microsoft register a
> single /25? I doubt MS really owns that block.

especially since I think MS knows how to spell its own name:

I am seeing what I can find out about this block.

Thanks,

Christian

their provider (CNC group) does all of this,
MS/the-customer-in-question doesn't touch this...(sure they can
complain 'you spelled me wrong', but)

What are you seeing? port 80 traffic? port 25?

thousands of random connections sounds like web indexing to me.

-Dan