Feel free to contact me off-list if you’re associated with Google Fi.

I’m trying to narrow down some IP abuse that I believe is coming from Google Fi mobile devices. The IPs are all coming up as generic Google LLC in whois, and they don’t have any reverse DNS. I’m trying to see how I can confirm that these are IPs related to the Google Fi service/network, or just random Google Cloud IPs.

Here are some sample IPs:

35.187.133.202 35.187.133.204 35.187.133.200 34.116.22.76 34.116.22.74 34.116.22.72 107.178.194.231 107.178.194.233 107.178.194.235 107.178.193.10 107.178.193.12

Thanks
John
On Thu, Jun 2, 2022 at 12:22 PM John Von Essen <john@essenz.com> wrote:
Feel free to contact me off-list if you’re associated with Google Fi.
I’m trying to narrow down some IP abuse that I believe is coming from Google Fi mobile devices. The IPs are all coming up as generic Google LLC in whois, and they don’t have any reverse DNS. I’m trying to see how I can confirm that these are IPs related to the Google Fi service/network, or just random Google Cloud IPs.
Here are some sample IPs:
35.187.133.202 35.187.133.204 35.187.133.200 34.116.22.76 34.116.22.74 34.116.22.72 107.178.194.231 107.178.194.233 107.178.194.235 107.178.193.10 107.178.193.12
all of these are very clearly marked out in whois as google-cloud ips:

NetRange: 35.184.0.0 - 35.191.255.255
CIDR: 35.184.0.0/13
NetName: GOOGLE-CLOUD

NetRange: 34.64.0.0 - 34.127.255.255
CIDR: 34.64.0.0/10
NetName: GOOGL-2

NetRange: 107.178.192.0 - 107.178.255.255
CIDR: 107.178.192.0/18
NetName: GOOGLE-CLOUD

$ for d in $(cat /tmp/x); do host $d; done
Host 202.133.187.35.in-addr.arpa not found: 2(SERVFAIL)
Host 204.133.187.35.in-addr.arpa not found: 2(SERVFAIL)
Host 200.133.187.35.in-addr.arpa not found: 2(SERVFAIL)
Host 76.22.116.34.in-addr.arpa not found: 2(SERVFAIL)
Host 74.22.116.34.in-addr.arpa not found: 2(SERVFAIL)
Host 72.22.116.34.in-addr.arpa not found: 2(SERVFAIL)
231.194.178.107.in-addr.arpa domain name pointer 231.194.178.107.gae.googleusercontent.com.
233.194.178.107.in-addr.arpa domain name pointer 233.194.178.107.gae.googleusercontent.com.
235.194.178.107.in-addr.arpa domain name pointer 235.194.178.107.gae.googleusercontent.com.
10.193.178.107.in-addr.arpa domain name pointer 10.193.178.107.gae.googleusercontent.com.
12.193.178.107.in-addr.arpa domain name pointer 12.193.178.107.gae.googleusercontent.com.

I'll see about fixing the missing ptrs... but... 'it's all cloud man!'
Thanks John
On Thu, Jun 2, 2022 at 12:55 PM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Thu, Jun 2, 2022 at 12:22 PM John Von Essen <john@essenz.com> wrote:
Feel free to contact me off-list if you’re associated with Google Fi.
I’m trying to narrow down some IP abuse that I believe is coming from Google Fi mobile devices. The IPs are all coming up as generic Google LLC in whois, and they don’t have any reverse DNS. I’m trying to see how I can confirm that these are IPs related to the Google Fi service/network, or just random Google Cloud IPs.
Here are some sample IPs:
35.187.133.202 35.187.133.204 35.187.133.200 34.116.22.76 34.116.22.74 34.116.22.72 107.178.194.231 107.178.194.233 107.178.194.235 107.178.193.10 107.178.193.12
all of these are very clearly marked out in whois as google-cloud ips:

NetRange: 35.184.0.0 - 35.191.255.255
CIDR: 35.184.0.0/13
NetName: GOOGLE-CLOUD

NetRange: 34.64.0.0 - 34.127.255.255
CIDR: 34.64.0.0/10
NetName: GOOGL-2

NetRange: 107.178.192.0 - 107.178.255.255
CIDR: 107.178.192.0/18
NetName: GOOGLE-CLOUD

$ for d in $(cat /tmp/x); do host $d; done
Host 202.133.187.35.in-addr.arpa not found: 2(SERVFAIL)
Host 204.133.187.35.in-addr.arpa not found: 2(SERVFAIL)
Host 200.133.187.35.in-addr.arpa not found: 2(SERVFAIL)
Host 76.22.116.34.in-addr.arpa not found: 2(SERVFAIL)
Host 74.22.116.34.in-addr.arpa not found: 2(SERVFAIL)
Host 72.22.116.34.in-addr.arpa not found: 2(SERVFAIL)
231.194.178.107.in-addr.arpa domain name pointer 231.194.178.107.gae.googleusercontent.com.
233.194.178.107.in-addr.arpa domain name pointer 233.194.178.107.gae.googleusercontent.com.
235.194.178.107.in-addr.arpa domain name pointer 235.194.178.107.gae.googleusercontent.com.
10.193.178.107.in-addr.arpa domain name pointer 10.193.178.107.gae.googleusercontent.com.
12.193.178.107.in-addr.arpa domain name pointer 12.193.178.107.gae.googleusercontent.com.
I'll see about fixing the missing ptrs... but... 'it's all cloud man!'
fixing this is in progress. Also, almost certainly 'fi' shows up as whatever is the address set assigned to: GOOGL-4 - NetName: GOOGLE-VPN
Thanks
John
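
The triage done by hand in this thread (whois NetName plus PTR lookup per address) can be scripted for a longer abuse list. The following is an added example, not code from either poster: it parses whois and `host` output excerpted from the messages above and attributes each address by longest-prefix match. The function names are hypothetical, and the GOOGL-4 / GOOGLE-VPN range is not included because its CIDR is not given in the thread.

```python
import ipaddress
import re

# Excerpts of the whois and `host` output quoted in the thread (offline sample input).
WHOIS = """\
CIDR: 35.184.0.0/13
NetName: GOOGLE-CLOUD
CIDR: 34.64.0.0/10
NetName: GOOGL-2
CIDR: 107.178.192.0/18
NetName: GOOGLE-CLOUD
"""
HOST_OUTPUT = """\
Host 202.133.187.35.in-addr.arpa not found: 2(SERVFAIL)
Host 76.22.116.34.in-addr.arpa not found: 2(SERVFAIL)
231.194.178.107.in-addr.arpa domain name pointer 231.194.178.107.gae.googleusercontent.com.
"""

def parse_whois(text):
    """Return [(network, netname)]; a CIDR line may list several comma-separated blocks."""
    nets, cidrs = [], []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "CIDR":
            cidrs = [ipaddress.ip_network(c.strip()) for c in value.split(",")]
        elif key.strip() == "NetName":
            nets += [(n, value.strip()) for n in cidrs]
            cidrs = []  # do not carry blocks over to the next record
    return nets

def parse_host(text):
    """Map IPv4 address -> PTR name, or the resolver status (e.g. SERVFAIL)."""
    pat = r"((?:\d+\.){4})in-addr\.arpa (?:domain name pointer (\S+)|not found: \d+\((\w+)\))"
    out = {}
    for line in text.splitlines():
        m = re.search(pat, line)
        if m:  # reverse the in-addr.arpa label order back into a dotted quad
            ip = ".".join(reversed(m.group(1).rstrip(".").split(".")))
            out[ip] = m.group(2) or m.group(3)
    return out

def attribute(ip, nets, ptrs):
    """Most specific whois NetName covering ip, plus its PTR result."""
    addr = ipaddress.ip_address(ip)
    hits = [(n, name) for n, name in nets if addr in n]
    name = max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "UNKNOWN"
    return name, ptrs.get(ip, "NOT-QUERIED")

if __name__ == "__main__":
    nets, ptrs = parse_whois(WHOIS), parse_host(HOST_OUTPUT)
    print({ip: attribute(ip, nets, ptrs) for ip in ptrs})
```
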