Educause Security Discussion mailing list archives
Re: Google "unusual traffic" captcha
From: Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Date: Thu, 10 Sep 2015 18:59:21 +0000
Do a network whois: http://network-tools.com/default.asp?prog=network&host=215.58.219.164 and you will see some more information that may be helpful. Vel Pavlov | Sr. IT Security Analyst M.Sc., CISSP, C|EH, C)PTE, Security+, Rapid7 CNA & MPCS, ITIL, A+ Big Rapids, MI 49307 Phone (231)-591-5613 Notice:This email message and any attachments are for the confidential use of the intended recipient. If that isn’t you, please do not read the message or attachments, or distribute or act in reliance on them. If you have received this message by mistake, please immediately notify us and delete this message and any attachments. Thank you. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Reedy Sent: Thursday, September 10, 2015 2:13 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Google "unusual traffic" captcha I've also seen this in the case of compromised web pages causing too much Google traffic. I don't know if you have web servers located behind the same firewall / nat from the same IP, but it may be worth a look there as well to make sure. Google has never been help to me historically. -Kevin Kevin Reedy Executive Director, Information Security Excelsior College (518) 464-8720 From: "Blackwood, James" <jblackwood () LAGRANGE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU, Date: 09/10/2015 12:09 PM Subject: [SECURITY] Google "unusual traffic" captcha Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> We’ve been getting this off and on for the past couple of days. I’ve seen it once before a year or two ago but it resolved itself. I get that there must be something on our network that Google has decided is making automated search requests which is a violation of their terms of service. I created a port monitor on our internet firewall and looked at the traffic destined for 215.58.219.164 (www.google.com based on my DNS lookup) using WireShark and see, as expected, a ton of traffic but not necessarily a ton of traffic from a single host. Does anyone have any pointers on what specifically to look for? Thanks, James James Blackwood Director of Information Technology Chief Security Officer LaGrange College (706) 880-8050 phone (706) 880-8055 fax jblackwood () lagrange edu 601 Broad St., LaGrange, GA 30240 www.lagrange.edu This message and any attachments contain confidential Excelsior College information intended for the specific individual and purpose. If you are not the intended recipient, you should notify the College and delete this message. Any disclosure, copying, distribution or inappropriate use of this message is strictly prohibited.
Current thread:
- Google "unusual traffic" captcha Blackwood, James (Sep 10)
- Re: Google "unusual traffic" captcha Alex Keller (Sep 10)
- Re: Google "unusual traffic" captcha Kevin Reedy (Sep 10)
- Re: Google "unusual traffic" captcha Velislav K Pavlov (Sep 10)
- Re: Google "unusual traffic" captcha Kevin Halgren (Sep 11)
- Re: Google "unusual traffic" captcha Carson, Larry (Sep 11)