Did a bit of digging on Google's developer site and came across this:
https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries
Looks like the IPs you mentioned belong to Google's public DNS resolver
based on that list on their site. They could also be spoofed though from a
DNS AMP attack, so keep that in mind.
Per my recent message, the replies are tiny so if it's an amplification
attack, it's a very incompetent one. The queries are case randomized so I
guess it's really Google. Sigh.
If anyone is wondering, I have a passive aggressive countermeasure against
some overqueriers that returns ten NS referral names, and then 25 random
IP addresses for each of those names, but I don't do that to Google.
R's,
John
------------------------------------------------------------------------------
*Accuris Technologies Ltd.*
On Sun, Dec 3, 2023 at 1:51 PM John Levine <jo...@iecc.com> wrote:
At contacts.abuse.net, I have a little stunt DNS server that provides
domain contact info, e.g.:
$ host -t txt comcast.net.contacts.abuse.net
comcast.net.contacts.abuse.net descriptive text "ab...@comcast.net"
$ host -t hinfo comcast.net.contacts.abuse.net
comcast.net.contacts.abuse.net host information "lookup" "comcast.net"
Every once in a while someone decides to look up every domain in the
world and DoS'es it until I update my packet filters. This week it's
been this set of IPs that belong to Google. I don't think they're
8.8.8.8. Any idea what they are? Random Google Cloud customers? A
secret DNS mapping project?
R's,
John
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
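
An added example, not part of the thread and not any poster's code: one way to check a query log for the case randomization mentioned in the reply above, per source address. The log format ("source qname qtype"), the sample lines, the function names and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log: "source-ip qname qtype". The addresses come from
# the RFC 5737 documentation ranges, not from the thread.
SAMPLE_LOG = """\
192.0.2.10 cOmCAst.NeT.coNTaCts.AbUSe.nEt TXT
192.0.2.10 ExAMPle.oRg.CONtaCTs.aBusE.NEt TXT
192.0.2.10 COmcAsT.nET.cONtActS.aBUSe.NeT HINFO
198.51.100.7 comcast.net.contacts.abuse.net TXT
198.51.100.7 example.org.contacts.abuse.net TXT
203.0.113.5 Example.Org.contacts.abuse.net TXT
"""


def looks_case_randomized(qname, min_letters=8, min_flip_ratio=0.25):
    """Heuristic: randomized case flips between upper and lower often.

    Conventional capitalisation ("Example.Org") flips only a few times,
    so it stays under the ratio. Thresholds are assumed, not tuned.
    """
    letters = [c for c in qname if c.isalpha()]
    if len(letters) < min_letters:
        return False  # too few letters to judge either way
    flips = sum(a.isupper() != b.isupper()
                for a, b in zip(letters, letters[1:]))
    return flips / (len(letters) - 1) >= min_flip_ratio


def summarize(log_text):
    """Return {source: (total_queries, case_randomized_queries)}."""
    counts = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        src, qname, _qtype = fields
        counts[src][0] += 1
        counts[src][1] += looks_case_randomized(qname)
    return {src: tuple(pair) for src, pair in counts.items()}


def randomizing_sources(log_text, threshold=0.8):
    """Sources whose queries are mostly case randomized."""
    return sorted(src for src, (total, rnd) in summarize(log_text).items()
                  if rnd / total >= threshold)
```

This only looks at the casing of the query names; it says nothing on its own about whether a source address is genuine.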