Hello All,
I was looking at my fail2ban setup tonight and noticed some unusual activity.
Lo and behold, the IP is registered to Microsoft. What it's doing scanning my
SSH port I don't know but I went looking around on Google and found a way to
do it in pfSense. If you want the particulars, look at the article (URL at
end of message) but look at the size of this list of domains and subdomains to
block (this is from 2019 so I am sure it's out of date):
===
a-0001.a-msedge.net
a.ads1.msn.com
a.ads2.msn.com
ad.doubleclick.net
adnexus.net
adnxs.com
ads.msn.com
ads1.msads.net
ads1.msn.com
az361816.vo.msecnd.net
az512334.vo.msecnd.net
choice.microsoft.com
choice.microsoft.com.nsatc.net
compatexchange.cloudapp.net
corp.sts.microsoft.com
corpext.msitadfs.glbdns2.microsoft.com
cs1.wpc.v0cdn.net
cs1.wpc.v0cdn.net statsfe1.ws.microsoft.com
df.telemetry.microsoft.com
diagnostics.support.microsoft.com
fe2.update.microsoft.com.akadns.net
feedback.microsoft-hohm.com
feedback.search.microsoft.com
feedback.windows.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
preview.msn.com
rad.msn.com
redir.metaservices.microsoft.com
reports.wes.df.telemetry.microsoft.com
services.wes.df.telemetry.microsoft.com
settings-sandbox.data.microsoft.com
sls.update.microsoft.com.akadns.net
sqm.df.telemetry.microsoft.com
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net
statsfe1.ws.microsoft.com
statsfe2.update.microsoft.com.akadns.net
statsfe2.ws.microsoft.com
survey.watson.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.appex.bing.net:443
telemetry.microsoft.com
telemetry.urs.microsoft.com
vortex-sandbox.data.microsoft.com
vortex-win.data.microsoft.com
vortex.data.microsoft.com
watson.live.com
watson.microsoft.com
watson.ppe.telemetry.microsoft.com
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net
wes.df.telemetry.microsoft.com
a.ads1.msn.com
a.ads2.msads.net
a.ads2.msn.com
a.rad.msn.com
a-0001.a-msedge.net
a-0002.a-msedge.net
a-0003.a-msedge.net
a-0004.a-msedge.net
a-0005.a-msedge.net
a-0006.a-msedge.net
a-0007.a-msedge.net
a-0008.a-msedge.net
a-0009.a-msedge.net
ac3.msn.com
ad.doubleclick.net
adnexus.net
adnxs.com
ads.msn.com
ads1.msads.net
ads1.msn.com
aidps.atdmt.com
aka-cdn-ns.adtech.de
a-msedge.net
apps.skype.com
az361816.vo.msecnd.net
az512334.vo.msecnd.net
b.ads1.msn.com
b.ads2.msads.net
b.rad.msn.com
bs.serving-sys.com
c.atdmt.com
c.msn.com
ca.telemetry.microsoft.com
cache.datamart.windows.com
cdn.atdmt.com
cds26.ams9.msecn.net
choice.microsoft.com
choice.microsoft.com.nsatc.net
compatexchange.cloudapp.net
corp.sts.microsoft.com
corpext.msitadfs.glbdns2.microsoft.com
cs1.wpc.v0cdn.net
db3aqu.atdmt.com
db3wns2011111.wns.windows.com
df.telemetry.microsoft.com
diagnostics.support.microsoft.com
ec.atdmt.com
fe2.update.microsoft.com.akadns.net
fe3.delivery.dsp.mp.microsoft.com.nsatc.net
feedback.microsoft-hohm.com
feedback.search.microsoft.com
feedback.windows.com
flex.msn.com
g.msn.com
h1.msn.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
lb1.www.ms.akadns.net
live.rads.msn.com
m.adnxs.com
m.hotmail.com
msedge.net
msftncsi.com
msnbot-207-46-194-33.search.msn.com
msnbot-65-55-108-23.search.msn.com
msntest.serving-sys.com
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
preview.msn.com
pricelist.skype.com
rad.live.com
rad.msn.com
redir.metaservices.microsoft.com
reports.wes.df.telemetry.microsoft.com
s.gateway.messenger.live.com
s0.2mdn.net
schemas.microsoft.akadns.net
secure.adnxs.com
secure.flashtalking.com
services.wes.df.telemetry.microsoft.com
settings.data.microsof.com
settings-sandbox.data.microsoft.com
settings-win.data.microsoft.com
sls.update.microsoft.com.akadns.net
sO.2mdn.net
spynet2.microsoft.com
spynetalt.microsoft.com
sqm.df.telemetry.microsoft.com
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net
ssw.live.com
static.2mdn.net
statsfe1.ws.microsoft.com
statsfe2.update.microsoft.com.akadns.net
statsfe2.ws.microsoft.com
survey.watson.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
telecommand.telemetry.microsoft.com.nsat­c.net
telemetry.appex.bing.net
telemetry.appex.bing.net:443
telemetry.microsoft.com
telemetry.urs.microsoft.com
ui.skype.com
v10.vortex-win.data.microsoft.com
view.atdmt.com
vortex.data.microsoft.com
vortex-bn2.metron.live.com.nsatc.net
vortex-cy2.metron.live.com.nsatc.net
vortex-sandbox.data.microsoft.com
vortex-win.data.microsoft.com
watson.live.com
watson.microsoft.com
watson.ppe.telemetry.microsoft.com
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net
wes.df.telemetry.microsoft.com
win10.ipv6.microsoft.com
www.msftncsi.com
dns.msftncsi.com
ipv6.msftncsi.com
win10.ipv6.microsoft.com
ipv6.msftncsi.com.edgesuite.net
a978.i6g1.akamai.net
win10.ipv6.microsoft.com.nsatc.net
en-us.appex-rf.msn.com
v10.vortex-win.data.microsoft.com
client.wns.windows.com
wildcard.appex-rf.msn.com.edgesuite.net
v10.vortex-win.data.metron.life.com.nsatc.net
wns.notify.windows.com.akadns.net
americas2.notify.windows.com.akadns.net
travel.tile.appex.bing.com
any.edge.bing.com
fe3.delivery.mp.microsoft.com
fe3.delivery.dsp.mp.microsoft.com.nsatc.net
ssw.live.com
ssw.live.com.nsatc.net
login.live.com.nsatc.net
directory.services.live.com
directory.services.live.com.akadns.net
bl3302.storage.live.com
skyapi.live.net
bl3302geo.storage.dkyprod.akadns.net
skyapi.skyprod.akadns.net
skydrive.wns.windows.com
register.mesh.com
BN1WNS2011508.wns.windows.com
settings-win.data.microsoft.com
settings.data.glbdns2.microsoft.com
OneSettings-bn2.metron.live.com.nsatc.net
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net
===
The URL is:
https://adobosyntax.wordpress.com/2019/04/06/...
nse/
You use the DNSBL in pfBlockerNG to do this in pfSense.
You CAN block directly via CIDR but you have to make eight seperate rules and
I do not feel like doing that. <G>
-- Sean
... "When the mouse laughs at the cat, there is a hole nearby." - Nigerian
proverb
... "Does anyone REALLY read these stupid quotes?" - the SysOp
--- GoldED+/LNX 1.1.5-b20180707
* Origin: Outpost BBS * Johnson City, TN (618:618/1)
|
Computer Support/Help/Discussion... 
