Attempted access by Ministry of Defence IPs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: Attempted access by Ministry of Defence IPs
Attempted access by Ministry of Defence IPs
19-11-2016 12:07 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have several Microsoft outlook.com accounts used mainly for sharing contacts between PCs and mobile devices.
Yesterday 18th November, I had a series of ‘unusual activity’ alerts from Microsoft referring to some of these accounts. Desktop Outlook was also being blocked from accessing each account – it repeatedly asked for the password. Connecting to the accounts via a browser (and MSFTs additional verification via an SMS code) showed that the ‘unusual activity’ was from a couple of Ministry of Defence 25.xxx.xxx.xxx IP addresses. After changing passwords, and then deleting and re-adding the outlook.com accounts to Outlook, things were back to normal.
But when Outlook was rejecting logins, it was acting as if it were using an MOD client address rather than mine (I have a static IP), and the MSFT account activity log confirmed this.
Stranger and stranger.
I checked my (up to date) Netgear router (no – it does not have the default password!) to see if there had been any visible hacking activity to add an addition WAN address. Nope.
I than ran a Kaspersky full (including rootkit) scan to see if anything nasty has been downloaded. Nothing. And I did likewise on my other PCs with the same problem.
Since the MOD and I are unconnected and they have no obvious reason to be monitoring me, I am left with two conclusions: either someone using MOD kit is having a go at me for no apparent reason, or some legitimate program (an Outlook add-in?) has decided to use an MOD address.
But is what is even odder is if (if…) the originator is at my end (PCs, router,…) why PN’s gateway routers didn’t simply reject packets from IP ranges outside their own.
Any ideas or similar occurrences?
Re: Attempted access by Ministry of Defence IPs
19-11-2016 12:44 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Are you using any type of VPN software?
The 25.*.*.* range of IP addresses is assigned to the MoD, but apparently it's not reachable from the Internet, so some software uses 25.*.*.* IP addresses in the same way as 192.168.*.* or 10.*.*.* IP addresses are used in LANs.
Re: Attempted access by Ministry of Defence IPs
19-11-2016 9:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
i'm also getting this issue
Re: Attempted access by Ministry of Defence IPs
20-11-2016 12:58 PM - edited 20-11-2016 12:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Although MSFT has made no announcement, it appears that there has been an outage of some kind - especially in the UK - on 18th and 19th November, judging by the number of posts on various "it's down" forum sites (e.g. downdetector,com). Further, the outage appears to have impacted access to outlook.com from PC clients such as Outlook as opposed to browser access. This is quite feasible because, if you think about it, the access mechanism and protocols from the two are entirely different.
My pure guess is that the 25.x.x.x accesses (which trigger a MSFT verification check) were caused by MSFT itself or some other 'supplier' en route (PN?) using this address range internally, and because of whatever happened it wasn't being translated to the correct client IP (vide the typical domestic hub 'NAT gateway' function). A MSFT edge router failure perhaps?
Re: Attempted access by Ministry of Defence IPs
20-11-2016 10:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Not that it should be routable, but the 25.x.x.x range has been commandeered by Hamachi for a while (which I think is the VPN software that @ejs refers to. I can't see how that would get in your Outlook though, because it doesn't support gateways (as far as I'm aware) so only lets you access other 25.x.x.x addresses
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: Attempted access by Ministry of Defence IPs