nanog mailing list archives
Re: What are these Google IPs hammering on my DNS server?
From: "John R. Levine" <johnl () iecc com>
Date: 3 Dec 2023 14:18:00 -0500
Did a bit of digging on Google's developer site and came across this:
https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries
Looks like the IPs you mentioned belong to Google's public DNS resolver based on that list on their site. They could also be spoofed though from a DNS AMP attack, so keep that in mind.
Per my recent message, the replies are tiny so if it's an amplification attack, it's a very incompetent one. The queries are case randomized so I guess it's really Google. Sigh.
If anyone is wondering, I have a passive aggressive countermeasure against some overqueriers that returns ten NS referral names, and then 25 random IP addresses for each of those names, but I don't do that to Google.
R's, John
------------------------------------------------------------------------------
*Accuris Technologies Ltd.*
On Sun, Dec 3, 2023 at 1:51 PM John Levine <johnl () iecc com> wrote:
At contacts.abuse.net, I have a little stunt DNS server that provides domain contact info, e.g.:
$ host -t txt comcast.net.contacts.abuse.net
comcast.net.contacts.abuse.net descriptive text "abuse () comcast net"
$ host -t hinfo comcast.net.contacts.abuse.net
comcast.net.contacts.abuse.net host information "lookup" "comcast.net"
Every once in a while someone decides to look up every domain in the world and DoS'es it until I update my packet filters. This week it's been this set of IPs that belong to Google. I don't think they're 8.8.8.8. Any idea what they are? Random Google Cloud customers? A secret DNS mapping project?
172.253.1.133 172.253.206.36 172.253.1.130 172.253.206.37 172.253.13.196 172.253.255.36 172.253.13.197 172.253.1.131 172.253.255.35 172.253.255.37 172.253.1.132 172.253.13.193 172.253.1.129 172.253.255.33 172.253.206.35 172.253.255.34 172.253.206.33 172.253.206.34 172.253.13.194 172.253.13.195 172.71.125.63 172.71.117.60 172.71.133.51
R's, John
Regards, John Levine, johnl () taugh com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
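Added example, not part of the original message or the poster's own tooling: the two checks discussed above (reply size relative to query size, and case-randomized query names) applied per source IP to a query log. The log format, the sample lines, the RFC 5737 addresses and both thresholds are assumptions made for illustration; mixed case is a heuristic, not proof of who sent a query.

```python
from collections import defaultdict

# Constructed sample log: source IP, query name, query bytes, reply bytes.
# Addresses are RFC 5737 documentation ranges, not the IPs from the thread.
SAMPLE_LOG = """\
192.0.2.10 cOmCaSt.NeT.coNTacts.AbUse.nEt 59 92
192.0.2.10 exAMPle.oRg.cONtaCTS.abuSE.Net 59 90
192.0.2.10 EXAMPLE.com.contACTS.aBusE.NET 59 94
198.51.100.7 example.com.contacts.abuse.net 59 2900
198.51.100.7 example.org.contacts.abuse.net 59 3100
"""

AMPLIFICATION_RATIO = 10.0  # assumed threshold: reply bytes per query byte
MIXED_CASE_SHARE = 0.8      # assumed share of mixed-case names per source


def is_case_randomized(qname: str) -> bool:
    """True if the name's letters mix upper and lower case (0x20-style)."""
    letters = [c for c in qname if c.isalpha()]
    return any(c.isupper() for c in letters) and any(c.islower() for c in letters)


def summarize(log_text: str) -> dict:
    """Per source IP: query count, mixed-case share, reply/query byte ratio."""
    acc = defaultdict(lambda: {"n": 0, "mixed": 0, "q": 0, "r": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[2].isdigit() and parts[3].isdigit()):
            continue  # skip malformed lines rather than guessing at fields
        src, qname, qbytes, rbytes = parts
        s = acc[src]
        s["n"] += 1
        s["mixed"] += is_case_randomized(qname)
        s["q"] += int(qbytes)
        s["r"] += int(rbytes)
    return {src: {"queries": s["n"], "mixed_share": s["mixed"] / s["n"],
                  "ratio": s["r"] / max(s["q"], 1)} for src, s in acc.items()}


def classify(stats: dict) -> str:
    """Large replies are checked first: that is what makes a reflector useful."""
    if stats["ratio"] >= AMPLIFICATION_RATIO:
        return "amplification-shaped"
    if stats["mixed_share"] >= MIXED_CASE_SHARE:
        return "case-randomizing resolver"
    return "unclassified"


if __name__ == "__main__":
    for src, stats in summarize(SAMPLE_LOG).items():
        print(src, classify(stats), stats)
```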