Abusive traffic from Azure, but Microsoft does not care?

Guðmundur Már Kristjánsson 26 Reputation points
2022-10-26T19:37:47.587+00:00

Hi!

Almost daily there are from 500K to 3.2 million connection attempts from one IP in the Azure network. In total we have had 164.159.454 requests from that IP since June 1st; those requests are both basic port scanning and then attempts to exploit known vulnerabilities. This is not the only IP that does a regular port scan of our network range, but this particular IP is so far off from anything that is considered normal behaviour. I've tried to submit two abuse reports via https://cert.microsoft.com, but it's so blatantly obvious that the tickets are closed automatically, given that they are closed in the same minute as the ticket is created. The only reason why the tickets are closed automatically is probably because the source IP belongs to some Azure service, and I get some standard reply that tries to pin the responsibility on the customer that's using the IP.

"The activity reported is associated with a customer account within the Microsoft Azure service. Microsoft Azure provides a cloud computing platform in which customers can deploy their own software applications. Customers, not Microsoft, control what applications are deployed on their account."

That makes me wonder, does Microsoft/Azure condone abusive/malicious behaviour of their customers, or do they just not care as long as the customer keeps paying the monthly service fee? No, this is not meant to offend anyone, I'm genuinely wondering, since those two possibilities are the only ones that make sense to me.

IMHO Microsoft can't just ignore this and blame the customer; in the end the customer is using their infrastructure, and Microsoft has a responsibility to stop abusive behaviour that's originating from their systems.

So! How can I escalate this or just communicate with someone that can do something about this? Please don't suggest https://cert.microsoft.com, that's pretty useless in this case.

Regards,
Gudmundur


Accepted answer
  1. JimmySalian-2011 42,146 Reputation points
    2022-10-26T20:41:19.067+00:00

    Hi,

    I can suggest that you raise a severity level ticket over here from the Azure Portal and provide detailed information; this should help to speed up the investigation and process instead of submitting it to the CERT online site.

    Hope this helps.
    JS

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
