most likely too many nat hosts behind too few publics? On Fri, Jun 19, 2020 at 9:00 AM Christopher Tyler <ch...@totalhighspeed.net> wrote:
> So the other day we got an email (excerpt below) from Google's automated > tool... > > We are seeing automated scraping of Google Web Search from a large > number of your IPs. Automated scraping violates our /robots.txt file > and also our Terms of Service. We request that you terminate this > traffic immediately. Failure to do so may cause your network to be > blocked by our abuse systems. > > To allow you to identify the traffic, we are providing a list of > your IPs they used today (Source field), as well as the most common > destination (Google) IP and port and a timestamp of a recent request > (in UTC) to aid in your identification. Note that this list may not > be exhaustive, and we request that you terminate all such traffic, not > just traffic from IPs in this list. > > All of the destination ports (to Google) are either 80 or 443, so they at > least appear to be legit web traffic on the surface. They are obviously > spoofed IP address as there are network addresses in the list and the IP > belongs to a router that doesn't appear to be compromised in any way. The > initial letter included 700+ IP addresses from our network. > > It's now affecting our customers as they are now getting Captcha's for > every couple of Google searches that they perform. > > Does anyone know of a good way to track the perpetrator(s) down and/or > know of a way to mitigate this? > > -- > Christopher Tyler > Senior Network Engineer > MTCRE/MTCNA/MTCTCE/MTCWE > > Total Highspeed Internet Solutions > 1091 W. Kathryn Street > Nixa, MO 65714 > (417) 851-1107 x. 9002 > www.totalhighspeed.com > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
