Reply to post: Blocking Microshaft - that's what you think

Microsoft accused of sharing data of Office 365 business subscribers with Facebook and its app devs

Recluse

Blocking Microshaft - that's what you think

Going off at a tangent - I run a Windows 10 Pro (2004) VM on my Linux Mint desktop. I also run a pfsense firewall with the pfblockerNG package installed.

Obviously I have blocked Microsoft at a DNS level but have also blocked all Microsoft ASN I can find (25 so far). I will allow access to Microshaft but only when I decide its appropriate (eg Windows update check) otherwise the VM Win 10 client is blocked.

As soon as I booted the Windows 10 VM this afternoon pfsense reported that it tried to establish a connection (443) to these IP's

52.114.128.43

52.114.77.33

Whois shows they are both Microshaft

NetRange: 52.96.0.0 - 52.115.255.255

CIDR: 52.96.0.0/12, 52.112.0.0/14

NetName: MSFT

NetHandle: NET-52-96-0-0-1

Parent: NET52 (NET-52-0-0-0-0)

NetType: Direct Assignment

OriginAS:

Organization: Microsoft Corporation (MSFT)

RegDate: 2015-11-24

Updated: 2015-11-24

Ref: https://rdap.arin.net/registry/ip/52.96.0.0

Conclusion

You may block Microsfaft at an DNS level but it appears to have some hard coding for IP addresses to circumvent this.

As I am somewhat neurotic I operate a similar ASN policy for Facebook. Google, Oracle, Adobe, Yahoo. Twitter, Telegram and Amazon. It can be a bit wearing at times but at least I decide who has access to what.

Whilst I am only a home user I also operate a default block outbound policy on pfsense - stops any IOT devices phoning home unless specifically authorised.

Think I'll go for a lie down now ....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021