Educause Security Discussion mailing list archives

Re: Google "unusual traffic" captcha


From: Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Date: Thu, 10 Sep 2015 18:59:21 +0000

Do a network whois: http://network-tools.com/default.asp?prog=network&host=215.58.219.164 and you will see some more information that may be helpful.

Vel Pavlov | Sr. IT Security Analyst
M.Sc., CISSP, C|EH, C)PTE, Security+,
Rapid7 CNA & MPCS, ITIL, A+ 
Big Rapids, MI 49307
Phone (231)-591-5613



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Reedy
Sent: Thursday, September 10, 2015 2:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google "unusual traffic" captcha

I've also seen this in the case of compromised web pages causing too much Google traffic.  I don't know if you have web servers located behind the same firewall / NAT from the same IP, but it may be worth a look there as well to make sure.

Google has never been helpful to me historically.

-Kevin

Kevin Reedy
Executive Director, Information Security Excelsior College
(518) 464-8720




From:   "Blackwood, James" <jblackwood () LAGRANGE EDU>
To:     SECURITY () LISTSERV EDUCAUSE EDU,
Date:   09/10/2015 12:09 PM
Subject:        [SECURITY] Google "unusual traffic" captcha
Sent by:        The EDUCAUSE Security Constituent Group Listserv
            <SECURITY () LISTSERV EDUCAUSE EDU>



We’ve been getting this off and on for the past couple of days.  I’ve seen it once before a year or two ago but it 
resolved itself.  I get that there must be something on our network that Google has decided is making automated search 
requests which is a violation of their terms of service.

I created a port monitor on our internet firewall and looked at the traffic destined for 215.58.219.164 (www.google.com based on my DNS lookup) using Wireshark and see, as expected, a ton of traffic but not necessarily a ton of traffic from a single host.  Does anyone have any pointers on what specifically to look for?

Thanks,
James

James Blackwood
Director of Information Technology
Chief Security Officer
LaGrange College

(706) 880-8050  phone
(706) 880-8055 fax
jblackwood () lagrange edu

601 Broad St., LaGrange, GA 30240
www.lagrange.edu


