服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 如何联系Google举报滥用networking?
Intereting Posts
testing针对spamassassin的促销活动,分数低于预期 为什么我的apache日志突然有随机的换行符呢? 设置MIM,我应该在不同的虚拟机上拆分DC,SQL,Sharepoint,MIM吗? 交换2013年收到电子邮件,但不交付 桌面虚拟化? 怎么样? 如何加快Windows主机上的QEMU? x64的Windows报告32GB内存可用的64GB内存安装 – 为什么? 系统日志写入一般而不是特定的文件 Windows DNS不断重新注册已删除的IP地址 如何在CentOS 6.2服务器上更改控制台分辨率? 为nginxconfigurationHttpRealIpModule 有条件地解决一个传入的DNS请求 MS IIS6,自签名SSL成功安装,但HTTPS不起作用 从registry中提取机器帐户域密码 用于IBM xSeries的replaceHDD

如何联系Google举报滥用networking?

我的服务器正在从74.125.170.60 每秒连接请求数以千计。 我在ARIN上查看了IP地址,并且在Google地址块中。 

 You searched for: 74.125.170.60 Network Net Range 74.125.0.0 - 74.125.255.255 CIDR 74.125.0.0/16 Name GOOGLE Handle NET-74-125-0-0-1 Parent NET74 (NET-74-0-0-0-0) Net Type Direct Allocation Origin AS Organization Google Inc. (GOGL) Registration Date 2007-03-13 Last Updated 2012-02-24 Comments RESTful Link https://whois.arin.net/rest/net/NET-74-125-0-0-1 See Also Related organization's POC records. See Also Related delegations.

从ARIN页面 : 

 Point of Contact Name Abuse Handle ABUSE5250-ARIN Company Google Inc. Street 1600 Amphitheatre Parkway City Mountain View State/Province CA Postal Code 94043 Country US Registration Date 2015-11-06 Last Updated 2016-11-08 Comments Please note that the recommended way to file abuse complaints are located in the following links. To report abuse and illegal activity: https://www.google.com/intl/en_US/goodtoknow/online-safety/reporting-abuse/ For legal requests: http://support.google.com/legal Regards, The Google Team Phone +1-650-253-0000 (Office) Email [email protected] RESTful Link https://whois.arin.net/rest/poc/ABUSE5250-ARIN

我试图去指出的url,并得到一个404错误。 我试着拨打这个电话号码,听到一个粗鲁的声音,说:“我们的办公室现在已经closures了,试着通过networking联系我们。”

我已将电子邮件发送到[email protected] ,但没有得到回复。 我尝试附加一个日志文件(从过滤的tcpdump输出9.4MB大约一分钟, bzip2压缩到719K),谷歌的服务器拒绝接受电子邮件。

我试着给Verizon(我的ISP)打了个电话,半小时后他们用“技术支持”的人打了个电话,他们所有的人都试图阻止我的路由器的stream量,这并不比用防火墙封锁它好在我的服务器上,因为我已经在做。 我试图告诉“技术支持”的人,我需要和他们的NOC中的某个人说话,但是当她让我搁置并再次回来之后,她说:“我们可以告诉你如何联系你的路由器制造商。 “

有没有办法让我联系互联网IP层的人,他们可以阻止这种stream量?

有没有一种有效的方式让我联系到谷歌的人可以离线攻击服务器?

Google是否应该在ARIN的logging中包含最新和正确的信息?

编辑

我用tcpdump | grep "74.125.170.60" > ~/history/2017-08-18.74.125.170.60.attack.tcpdump tcpdump | grep "74.125.170.60" > ~/history/2017-08-18.74.125.170.60.attack.tcpdump短时间内在攻击过程中创build一个日志文件。 所有的条目都是针对一个特定的域,我已经编辑了example.com ,或者服务器本身( Dreamer )。 这是文件的第一行: 

 00:35:47.900785 IP 74.125.170.60.60032 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.902549 IP 74.125.170.60.42109 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.903630 IP 74.125.170.60.25048 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.903702 IP 74.125.170.60.3412 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.904296 IP 74.125.170.60.35736 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.905065 IP 74.125.170.60.59975 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.905280 IP 74.125.170.60.38738 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.906168 IP 74.125.170.60.38518 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.907055 IP 74.125.170.60.rmc > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.908191 IP 74.125.170.60.35290 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.908845 IP 74.125.170.60.16059 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.908938 IP 74.125.170.60.40717 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.909064 IP 74.125.170.60.48521 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.909359 IP 74.125.170.60.42772 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.909526 IP 74.125.170.60.61289 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.909598 IP 74.125.170.60.340 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.909600 IP 74.125.170.60.31228 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.909974 IP 74.125.170.60.28242 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.910306 IP 74.125.170.60.36920 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.910974 IP 74.125.170.60.44033 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.911100 IP 74.125.170.60.63473 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.911695 IP 74.125.170.60.54654 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.912019 IP 74.125.170.60.32781 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.912101 IP 74.125.170.60.20249 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.912741 IP 74.125.170.60.16639 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.913240 IP 74.125.170.60.7023 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.913364 IP 74.125.170.60.20280 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.913546 IP 74.125.170.60.58903 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.913616 IP 74.125.170.60.18014 > Dreamer.domain: 1+ TXT? github.com. (28) 00:35:47.914039 IP 74.125.170.60.32919 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.914293 IP 74.125.170.60.63457 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.915976 IP 74.125.170.60.39601 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.916640 IP 74.125.170.60.7574 > example.com.domain: 1+ TXT? github.com. (28) 00:35:47.916711 IP 74.125.170.60.6825 > Dreamer.domain: 1+ TXT? github.com. (28)

和最后一行: 

 00:37:40.604887 IP 74.125.170.60.35576 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.605636 IP 74.125.170.60.100 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.605708 IP 74.125.170.60.15556 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.606242 IP 74.125.170.60.37610 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.607702 IP 74.125.170.60.33095 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.608644 IP 74.125.170.60.3311 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.610756 IP 74.125.170.60.25304 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.611034 IP 74.125.170.60.50931 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.611152 IP 74.125.170.60.38218 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.611731 IP 74.125.170.60.2596 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.612352 IP 74.125.170.60.35744 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.613339 IP 74.125.170.60.5825 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.615193 IP 74.125.170.60.10612 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.615872 IP 74.125.170.60.57806 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.616334 IP 74.125.170.60.25388 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.616438 IP 74.125.170.60.55827 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.616948 IP 74.125.170.60.35459 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.617421 IP 74.125.170.60.38407 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.618087 IP 74.125.170.60.18918 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.618260 IP 74.125.170.60.9969 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.618332 IP 74.125.170.60.65190 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.618333 IP 74.125.170.60.6016 > example.com.domain: 1+ TXT? github.com. (28) 00:37:40.618674 IP 74.125.170.60.37720 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.621551 IP 74.125.170.60.55976 > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.621810 IP 74.125.170.60.mac-srvr-admin > Dreamer.domain: 1+ TXT? github.com. (28) 00:37:40.623893 IP 74.125.170.60.7383 > Dreamer.domain: 1+ TXT? github.com. (28)

我在文件上做了一个行数: 

 wc -l 2017-08-18.74.125.170.60.attack.tcpdump 111894 2017-08-18.74.125.170.60.attack.tcpdump

正如你所看到的,在文件被写入112.723108秒期间发生了111,894次命中,平均每秒命中992.645次 。 我大约在东部时间下午11点25分发现了这个问题,当从疲惫中倒下时,大约在上午5点15分还在继续。 我没有理由相信这个速度正在上升或下降,这意味着在我观看的时候 ,我的服务器在接近六个小时的时间里正在被大约两千一百万次的打击。

几个小时后,当我回到服务器时,攻击已经停止。 我没有收到我发送给[email protected]的邮件的任何forms的回复或确认,所以我不知道Google是否采取了一些措施来阻止它,或者它自己离开了。 我怀疑发生了什么事是有人在Google Cloud服务中设置了一个“非法设备”来进行攻击。 尽pipe如此以及为什么停止,却完全不清楚,因为提供者绝对缺乏反馈意见。

我感到震惊的是,像这样的攻击可以build立和运行, 没有追索权,因为没有可用于报告这些问题的通信渠道 ,无论是源头还是networking之间。

举报滥用行为和非法活动如果您认为违反一项或多项计划政策,可以举报Google网站

https://support.google.com/legal/troubleshooter/1114905?rd%3D2#ts%3D1115658,1115699&ts=1115658