Cloud Connectivity

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

ActiveSync Brute Force Attempt from Oracle IP

Moh Sen4 days ago — edited 3 days ago

Hi,

Our organization detected thousands of GET requests were observed originating from an external IP address owned by Oracle Cloud (141.147.139.63) in a short time targeting the Microsoft Exchange ActiveSync endpoint (/Microsoft-Server-ActiveSync/default.eas). Each request attempted to authenticate using all of our Active Directory users accounts resulting in repeated HTTP 401 Unauthorized responses and accounts got locked.

Why are we seeing this behaviour from a legitimate IPs,is this expected?

Regards,

Moh

Added 4 days ago

0 comments

32 views