Abusive traffic from Azure, but Microsoft does not care?

Guðmundur Már Kristjánsson 21 Reputation points
2022-10-26T19:37:47.587+00:00

Hi!

Almost daily there are from 500K to 3.2 million connection attempts from one IP in the Azure network, in total we have had 164.159.454 requests from that IP since June 1st, those requests are both basic port scanning and then attempts to exploit known vulnerabilities. This is not the only IP that does a regular port scan of our network range, but this particular IP is so far off from anything that is considered normal behaviour. I've tried to submit two abuse reports via https://cert.microsoft.com but it's so blatantly obvious that the tickets are closed automatically, given that they are closed in the same minute as the ticket is created. The only reason why the tickets are closed automatically is probably because the source IP belongs to some Azure service, and I get some standard reply that tries to pin the responsibility to the customer that's using the IP.

"The activity reported is associated with a customer account within the Microsoft Azure service. Microsoft Azure provides a cloud computing platform in which customers can deploy their own software applications. Customers, not Microsoft, control what applications are deployed on their account."

That makes me wonder, does Microsoft/Azure condone abusive/malicious behaviour of their customers, or do they just not care as long as the customer keeps paying the monthly service fee? No, this is not ment to offend anyone, I'm genuinely wondering, since those two possibilities are the only ones that make sense to me.

IMHO then Microsoft can't just ignore this and blame the customer, in the end then the customer is using their infrastructure, and Microsoft has responsibility to stop abusive behaviour that's originating from their systems.

So! How can I escalate this or just communicate with someone that can do something about this? Please don't suggest https://cert.microsoft.com, that's pretty useless in this case.

Regards,
Gudmundur

Azure DDos Protection
Azure DDos Protection
An Azure service that provides defense against distributed denial-of-service (DDoS) attacks.
67 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,239 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,199 questions
0 comments No comments
{count} votes

Accepted answer
  1. JimmySalian-2011 41,966 Reputation points
    2022-10-26T20:41:19.067+00:00

    Hi,

    I can suggest you to raise a severity level ticket over here from the Azure Portal and provide detailed information this should help to speed up the investigation and process instead of submitting it to the Cert online site.
    create-ticket

    Hope this helps.
    JS

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful