Blocking Microshaft - that's what you think
Going off at a tangent - I run a Windows 10 Pro (2004) VM on my Linux Mint desktop. I also run a pfsense firewall with the pfblockerNG package installed.
Obviously I have blocked Microsoft at a DNS level but have also blocked all Microsoft ASN I can find (25 so far). I will allow access to Microshaft but only when I decide its appropriate (eg Windows update check) otherwise the VM Win 10 client is blocked.
As soon as I booted the Windows 10 VM this afternoon pfsense reported that it tried to establish a connection (443) to these IP's
52.114.128.43
52.114.77.33
Whois shows they are both Microshaft
NetRange: 52.96.0.0 - 52.115.255.255
CIDR: 52.96.0.0/12, 52.112.0.0/14
NetName: MSFT
NetHandle: NET-52-96-0-0-1
Parent: NET52 (NET-52-0-0-0-0)
NetType: Direct Assignment
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2015-11-24
Updated: 2015-11-24
Ref: https://rdap.arin.net/registry/ip/52.96.0.0
Conclusion
You may block Microsfaft at an DNS level but it appears to have some hard coding for IP addresses to circumvent this.
As I am somewhat neurotic I operate a similar ASN policy for Facebook. Google, Oracle, Adobe, Yahoo. Twitter, Telegram and Amazon. It can be a bit wearing at times but at least I decide who has access to what.
Whilst I am only a home user I also operate a default block outbound policy on pfsense - stops any IOT devices phoning home unless specifically authorised.
Think I'll go for a lie down now ....
Biting the hand that feeds IT
