我的服务器正在承受数千个连接请求每秒来自74.125.170.60。我在 ARIN 上查了 IP 地址,它位于 Google 地址块中。
You searched for: 74.125.170.60
Network
Net Range 74.125.0.0 - 74.125.255.255
CIDR 74.125.0.0/16
Name GOOGLE
Handle NET-74-125-0-0-1
Parent NET74 (NET-74-0-0-0-0)
Net Type Direct Allocation
Origin AS
Organization Google Inc. (GOGL)
Registration Date 2007-03-13
Last Updated 2012-02-24
Comments
RESTful Link https://whois.arin.net/rest/net/NET-74-125-0-0-1
See Also Related organization's POC records.
See Also Related delegations.
来自ARIN 页面:
Point of Contact
Name Abuse
Handle ABUSE5250-ARIN
Company Google Inc.
Street 1600 Amphitheatre Parkway
City Mountain View
State/Province CA
Postal Code 94043
Country US
Registration Date 2015-11-06
Last Updated 2016-11-08
Comments Please note that the recommended way to file abuse complaints are located in the following links.
To report abuse and illegal activity: https://www.google.com/intl/en_US/goodtoknow/online-safety/reporting-abuse/
For legal requests: http://support.google.com/legal
Regards,
The Google Team
Phone +1-650-253-0000 (Office)
Email [email protected]
RESTful Link https://whois.arin.net/rest/poc/ABUSE5250-ARIN
我尝试去指定网址并得到了404错误。我尝试拨打电话号码,但听到一个沙哑的声音说:“我们的办公室现在关门了,请尝试通过网络联系我们。”
我已经发送了电子邮件[email protected],但没有收到回复。我尝试附加一个日志文件(tcpdump约一分钟的过滤输出,9.4MB,bzip2压缩为 719K),但 Google 的服务器拒绝接受该电子邮件。
我尝试打电话给 Verizon(我的 ISP),在与他们的“技术支持”人员通话半小时后,他们只能建议我尝试阻止路由器上的流量,但这并不比我已经在服务器上使用防火墙阻止流量好多少。我尝试告诉“技术支持”人员我需要与他们 NOC 的某个人通话,但她让我等待后又回来了,她说“我们可以告诉您如何联系路由器制造商...”
有没有办法让我联系到 Internet IP 层的某个人来阻止这种流量?
是否有一种有效的方法可以让我联系到 Google 内部能够让攻击服务器下线的人员?
谷歌难道不应该当前和正确他们在 ARIN 上的记录中的信息?
编辑
我tcpdump | grep "74.125.170.60" > ~/history/2017-08-18.74.125.170.60.attack.tcpdump在攻击期间花了一小段时间创建了一个日志文件。所有条目要么针对一个特定域(我已将其删除)example.com,要么针对服务器本身(Dreamer)。以下是该文件的前几行:
00:35:47.900785 IP 74.125.170.60.60032 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.902549 IP 74.125.170.60.42109 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.903630 IP 74.125.170.60.25048 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.903702 IP 74.125.170.60.3412 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.904296 IP 74.125.170.60.35736 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.905065 IP 74.125.170.60.59975 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.905280 IP 74.125.170.60.38738 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.906168 IP 74.125.170.60.38518 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.907055 IP 74.125.170.60.rmc > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.908191 IP 74.125.170.60.35290 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.908845 IP 74.125.170.60.16059 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.908938 IP 74.125.170.60.40717 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.909064 IP 74.125.170.60.48521 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.909359 IP 74.125.170.60.42772 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.909526 IP 74.125.170.60.61289 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.909598 IP 74.125.170.60.340 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.909600 IP 74.125.170.60.31228 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.909974 IP 74.125.170.60.28242 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.910306 IP 74.125.170.60.36920 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.910974 IP 74.125.170.60.44033 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.911100 IP 74.125.170.60.63473 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.911695 IP 74.125.170.60.54654 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.912019 IP 74.125.170.60.32781 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.912101 IP 74.125.170.60.20249 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.912741 IP 74.125.170.60.16639 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.913240 IP 74.125.170.60.7023 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.913364 IP 74.125.170.60.20280 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.913546 IP 74.125.170.60.58903 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.913616 IP 74.125.170.60.18014 > Dreamer.domain: 1+ TXT? github.com. (28)
00:35:47.914039 IP 74.125.170.60.32919 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.914293 IP 74.125.170.60.63457 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.915976 IP 74.125.170.60.39601 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.916640 IP 74.125.170.60.7574 > example.com.domain: 1+ TXT? github.com. (28)
00:35:47.916711 IP 74.125.170.60.6825 > Dreamer.domain: 1+ TXT? github.com. (28)
最后几行:
00:37:40.604887 IP 74.125.170.60.35576 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.605636 IP 74.125.170.60.100 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.605708 IP 74.125.170.60.15556 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.606242 IP 74.125.170.60.37610 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.607702 IP 74.125.170.60.33095 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.608644 IP 74.125.170.60.3311 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.610756 IP 74.125.170.60.25304 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.611034 IP 74.125.170.60.50931 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.611152 IP 74.125.170.60.38218 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.611731 IP 74.125.170.60.2596 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.612352 IP 74.125.170.60.35744 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.613339 IP 74.125.170.60.5825 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.615193 IP 74.125.170.60.10612 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.615872 IP 74.125.170.60.57806 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.616334 IP 74.125.170.60.25388 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.616438 IP 74.125.170.60.55827 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.616948 IP 74.125.170.60.35459 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.617421 IP 74.125.170.60.38407 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.618087 IP 74.125.170.60.18918 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.618260 IP 74.125.170.60.9969 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.618332 IP 74.125.170.60.65190 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.618333 IP 74.125.170.60.6016 > example.com.domain: 1+ TXT? github.com. (28)
00:37:40.618674 IP 74.125.170.60.37720 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.621551 IP 74.125.170.60.55976 > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.621810 IP 74.125.170.60.mac-srvr-admin > Dreamer.domain: 1+ TXT? github.com. (28)
00:37:40.623893 IP 74.125.170.60.7383 > Dreamer.domain: 1+ TXT? github.com. (28)
我对文件进行了行数统计:
wc -l 2017-08-18.74.125.170.60.attack.tcpdump
111894 2017-08-18.74.125.170.60.attack.tcpdump
如您所见,在文件写入的 112.723108 秒内发生了 111,894 次命中,平均大约992.645 次点击每秒。我大约在美国东部时间晚上 11:25 发现了这个问题,到早上 5:15 左右它还在运行,当时我累得倒下了。我没有理由相信这个速率会上升或下降,这意味着我的服务器大约被重击了2100万次在近六个小时的间隔中当我在看它的时候。
几个小时后,当我回到我的服务器时,攻击已经停止了。我做到了不是我发送的电子邮件没有收到任何形式的回复或确认,[email protected]所以我不知道 Google 是否采取了措施阻止了这种情况,或者这种情况是否自行消失了。我怀疑事情的真相是,有人在 Google Cloud 服务中设置了一个“恶意设备”来实施攻击。但由于提供商的反馈非常少,攻击是如何停止的以及为什么停止的完全不清楚。
我很震惊,这样的攻击竟然可以被策划和实施无追索权因为没有可用的沟通渠道报告此类问题,无论是在源头还是在那儿和这里之间的网络上。
答案1
举报滥用和非法活动如果您认为某个 Google 网站违反了其一项或多项计划政策,您可以举报该网站
https://support.google.com/legal/troubleshooter/1114905?rd%3D2#ts%3D1115658,1115699&ts=1115658