On Thu, Jun 2, 2022 at 12:55 PM Christopher Morrow <morrowc.li...@gmail.com> wrote:
> > > On Thu, Jun 2, 2022 at 12:22 PM John Von Essen <j...@essenz.com> wrote: > >> Feel free to contact me off-list if your associated with Google Fi. >> >> I’m trying to narrow down some IP abuse that I believe is coming from >> Google Fi mobile devices. The IPs are all coming up as generic Google LLC >> in whois, and they dont have any reverse DNS. I’m trying to see how I can >> confirm that these are IPs related to the Google Fi service/network, or >> just random Google Clould IPs >> >> Here are some sample IPs: >> >> 35.187.133.202 >> 35.187.133.204 >> 35.187.133.200 >> 34.116.22.76 >> 34.116.22.74 >> 34.116.22.72 >> 107.178.194.231 >> 107.178.194.233 >> 107.178.194.235 >> 107.178.193.10 >> 107.178.193.12 >> >> > all of these are very clearly marked out in whois as google-cloud ips: > NetRange: 35.184.0.0 - 35.191.255.255 > CIDR: 35.184.0.0/13 > NetName: GOOGLE-CLOUD > > NetRange: 34.64.0.0 - 34.127.255.255 > CIDR: 34.64.0.0/10 > NetName: GOOGL-2 > > NetRange: 107.178.192.0 - 107.178.255.255 > CIDR: 107.178.192.0/18 > NetName: GOOGLE-CLOUD > > $ for d in $(cat /tmp/x); do host $d; done > Host 202.133.187.35.in-addr.arpa not found: 2(SERVFAIL) > Host 204.133.187.35.in-addr.arpa not found: 2(SERVFAIL) > Host 200.133.187.35.in-addr.arpa not found: 2(SERVFAIL) > Host 76.22.116.34.in-addr.arpa not found: 2(SERVFAIL) > Host 74.22.116.34.in-addr.arpa not found: 2(SERVFAIL) > Host 72.22.116.34.in-addr.arpa not found: 2(SERVFAIL) > 231.194.178.107.in-addr.arpa domain name pointer > 231.194.178.107.gae.googleusercontent.com. > 233.194.178.107.in-addr.arpa domain name pointer > 233.194.178.107.gae.googleusercontent.com. > 235.194.178.107.in-addr.arpa domain name pointer > 235.194.178.107.gae.googleusercontent.com. > 10.193.178.107.in-addr.arpa domain name pointer > 10.193.178.107.gae.googleusercontent.com. > 12.193.178.107.in-addr.arpa domain name pointer > 12.193.178.107.gae.googleusercontent.com. > > I'll see about fixing the missing ptrs... but... 'it's all cloud man!' > > fixing this is in progress. Also, almost certainly 'fi' shows up as whatever is the address set assigned to: GOOGL-4 - NetName: GOOGLE-VPN > Thanks >> John >> >>