What are these Google IPs hammering on my DNS server?
Peter Potvin
peter.potvin at accuristechnologies.ca
Sun Dec 3 19:06:11 UTC 2023
Did a bit of digging on Google's developer site and came across this:
https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries
Looks like the IPs you mentioned belong to Google's public DNS resolver
based on that list on their site. They could also be spoofed though from a
DNS AMP attack, so keep that in mind.
Regards,
Peter Potvin | Executive Director
------------------------------------------------------------------------------
*Accuris Technologies Ltd.*
On Sun, Dec 3, 2023 at 1:51 PM John Levine <johnl at iecc.com> wrote:
> At contacts.abuse.net, I have a little stunt DNS server that provides
> domain contact info, e.g.:
>
> $ host -t txt comcast.net.contacts.abuse.net
> comcast.net.contacts.abuse.net descriptive text "abuse at comcast.net"
>
> $ host -t hinfo comcast.net.contacts.abuse.net
> comcast.net.contacts.abuse.net host information "lookup" "comcast.net"
>
> Every once in a while someone decides to look up every domain in the
> world and DoS'es it until I update my packet filters. This week it's
> been this set of IPs that belong to Google. I don't think they're
> 8.8.8.8. Any idea what they are? Random Google Cloud customers? A
> secret DNS mapping project?
>
> 172.253.1.133
> 172.253.206.36
> 172.253.1.130
> 172.253.206.37
> 172.253.13.196
> 172.253.255.36
> 172.253.13.197
> 172.253.1.131
> 172.253.255.35
> 172.253.255.37
> 172.253.1.132
> 172.253.13.193
> 172.253.1.129
> 172.253.255.33
> 172.253.206.35
> 172.253.255.34
> 172.253.206.33
> 172.253.206.34
> 172.253.13.194
> 172.253.13.195
> 172.71.125.63
> 172.71.117.60
> 172.71.133.51
>
> R's,
> John
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20231203/b16eb24e/attachment.html>
More information about the NANOG
mailing list