[Outages-discussion] [EXTERNAL] Re: Question about the Google “sorry” page...
Chapman, Brad (NBCUniversal)
Brad.Chapman at nbcuni.com
Mon Jun 29 00:55:27 EDT 2020
Interesting; thanks.
Would you expect to see this behavior in an environment where a proxy server is used to funnel traffic to the Internet and clients have to use a PAC file or WPAD?
—Sent from my iPhone
On Jun 28, 2020, at 9:34 PM, Damian Menscher <damian at google.com> wrote:
Blocking occurs when automated searching is detected, not simply due to the total volume of requests from a single IP. As such, there is no option for an exception.
To "solve" this, we recommend you minimize the number of users sharing an IP. The easiest method is with IPv6, since then each user can have their own /64 (our abuse systems don't look deeper than that). If you're stuck with IPv4, separate your corporate-managed machines from the guest wifi (which is harder to control), and try to give different groups of users their own NAT IP (by building or floor, etc). That way when there's a problem you'll have fewer users impacted, and a smaller list of suspects.
If you want to start digging into the reasons why your IP might have been blocked, the most common reasons for getting blocked (mostly for websearch) include (in no particular order):
- malware that proxies abuse for criminals
- browser extensions that automate searching
- misconfigured browsers that have anomalous behavior
- corporate proxies that are open for abuse
- users installing "P2P VPN" software, which is also abused
Damian
--
Damian Menscher :: Security Reliability Engineer :: Google :: AS15169
On Sun, Jun 28, 2020 at 4:57 PM Chapman, Brad (NBCUniversal) <Brad.Chapman at nbcuni.com<mailto:Brad.Chapman at nbcuni.com>> wrote:
Greetings Outages-Discussion,
I hope you are all having a pleasant Sunday afternoon / evening with no P1 / SevA / 4-alarm fires caused by a violation of Read-only Friday.
Given the number of sysadmins and telecom / network engineers on this list, I am guessing that we have seen (or been asked to explain) the Google “Sorry” page.
Occasionally, our company gets a burst of calls about this issue, until the lockout expires on Google’s side. We manage >50,000 computers so even short lockouts can generate dozens of calls.
Has anyone ever approached Google’s NOC team to request an exemption from the Sorry page for their busiest external IP addresses? Or, if not a blanket exemption, to request an increase in the threshold before it is tripped?
Hope you’re all staying safe.
Cheers,
Brad Chapman
NBCUniversal
—Sent from my iPhone
_______________________________________________
Outages-discussion mailing list
Outages-discussion at outages.org<mailto:Outages-discussion at outages.org>
https://puck.nether.net/mailman/listinfo/outages-discussion<https://urldefense.com/v3/__https://puck.nether.net/mailman/listinfo/outages-discussion__;!!PIZeeW5wscynRQ!-T5SokgIYLbWPeqRO4boP4fHxQbHaOHVW5G6FNDQ4sI2cVgFNtCDeAvOwaP5eN4PNg$>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20200629/b1e497dc/attachment-0001.htm>
More information about the Outages-discussion
mailing list