Curious about some activity reported by my monitoring systems
I was looking at some of my monitoring systems a while back and noticed that it shows my system connecting to Japan for a gvt2.com domain:
e2c4.gcp.gvt2.com
That’s odd. Wouldn’t Google just connect me to the nearest hop on their network for updates? The other thing is, the map above wasn’t showing up for some reason. I thought that it may have been because I blocked geolocation on my laptop, but it coincidentally fixed itself when I blocked traffic to the location in Japan without changing my geolocation blocking.
Then I started looking at where all the gvt2.com domains are connecting. As it turns out it’s connecting my laptop to locations all over the world including Switzerland, Paris, Brazil, and Toronto.
Other locations in the US included Salt Lake City, Washington DC, and a location in Northern Oregon east of Portland.
Everything I’ve come across says that Google uses a “beacons” subdomain. Some of the beacons subdomains resolved to LA or San Jose which seems reasonable. However others report no location at all.
There’s an edgedl subdomain under gvt1 which I presume is a download domain for Google Chrome. That domain also does not report a location.
I didn’t really have time to investigate this further at the time. I just took a look and currently see that domain trying to connect to Australia.
I wish there was a good source that defined what all these weird domains vendors use are for…for now I am blocking the domains connecting to parts of the world I don’t want to connect to from my laptop. I’m not yet sure if I will break something as a result.
Anyone using Google products has geolocation requirements in regards to network traffic may want to inspect that behavior a bit deeper.
Teri Radichel
If you liked this story please clap and follow:
Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research
© 2nd Sight Lab 2022
Teri Radichel
If you liked this story please clap and follow:
Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research
© 2nd Sight Lab 2022
All the posts in this series:
____________________________________________
Author:
Cybersecurity for Executives in the Age of Cloud on Amazon
Need Cloud Security Training? 2nd Sight Lab Cloud Security Training
Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.
Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.
Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts
