?
Solved

Google.com IP range

Posted on 2017-09-27
2
Medium Priority
?
77 Views
Last Modified: 2017-10-15
We access an external vendor's site who provided us some sort of service.

However, about 300 of our staff, mostly contract staff needs to access this
service but they currently are not granted Internet access on their PCs, so
we permit by firewall rules for entire organization to access that vendor's
site as going by proxy, we'll need to grant 300 proxy entries (ie by their
AD Id) to 3 URLs as that site will call/redirect to 2 other URLs.

By permitting at firewall rules & letting these contract staff bypass the
proxy, the contract staff can only access these 3 URLs & not any other
links/sites on Internet so this is still "secure" in my view as these 3
URLs are "trusted" sites.   This method of bypassing proxy is also to
facilitate that should new contract staff joins, the staff could access
as the 3 URLs while if we go by proxy, each time a new staff joins,
have to request for it & each time a staff leaves, have to remove that
staff's AD Id from proxy: quite an enormous admin task (for the
proxy admin as well as supervisors of these staff).

Q1:
Now, we just found that this vendor has coded another module to call
Google's "Captcha" service (which is  www.google.com/..... ) : what's
the entire subnet range of google.com ?  Is it a Class A, B or C or a
mix of many Class C  ranges ?

Q2:
Our firewalls can't resolve via public DNS currently so if permit to
access a large range of public IP, what's the security/risk implications?
Any other safe way of working around this?
0
Comment
Question by:sunhux
1 Comment
 
LVL 30

Accepted Solution

by:
Dr. Klahn earned 2000 total points
ID: 42310694
Google owns -- in my sole opinion -- a far too large chunk of the IPv4 address space.

These are the ones I've been forced to block on my own server:

# ==== 23.251.128 - 23.251.159 ====
# ==== 35.184, 35.185, 35.186, 35.187, 35.188, 35.189, 35.190, 35.191 ====
# ==== 35.192, 35.193, 35.194, 35.195, 35.196, 35.197, 35.198, 35.199 ====
# ==== 35.200, 35.201, 35.202, 35.203 ====
# ==== 64.233.160 - 64.233.191 ====
# ==== 66.102.0 - 66.102.15 ====
# ==== 66.249.80 - 66.249.95 -- Non-Googlebot, proxies, experimental
# ==== 104.154 - 104.155 ====
# ==== 104.196, 104.197, 104.198, 104.199 ====
# ==== 107.178.192 - 107.178.255 ====
# ==== 130.211 ====
# ==== 146.148.96 - 146.148.127 ====
# ==== 162.222.176 - 162.222.183 ====
# ==== 199.223.232 - 199.223.239 ====
# ==== 209.85.128 - 209.85.255 -- Google proxies ====

Open in new window


So at present I'm blocking around 1.8 million addresses belonging to Google.  There are other ranges as well; these are just the ones that I've had to block due to security issues.  This also partially addresses your second question.
4

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question