gvt2 domain connecting to Japan, Europe, Brazil…

Curious about some activity reported by my monitoring systems

I was looking at some of my monitoring systems a while back and noticed that they show my system connecting to Japan for a gvt2.com domain:

e2c4.gcp.gvt2.com

That’s odd. Wouldn’t Google just connect me to the nearest hop on their network for updates? The other thing is, the map above wasn’t showing up for some reason. I thought that it may have been because I blocked geolocation on my laptop, but it coincidentally fixed itself when I blocked traffic to the location in Japan without changing my geolocation blocking.

Then I started looking at where all the gvt2.com domains are connecting. As it turns out it’s connecting my laptop to locations all over the world including Switzerland, Paris, Brazil, and Toronto.

Other locations in the US included Salt Lake City, Washington DC, and a location in Northern Oregon east of Portland.

Everything I’ve come across says that Google uses a “beacons” subdomain. Some of the beacons subdomains resolved to LA or San Jose which seems reasonable. However others report no location at all.

There’s an edgedl subdomain under gvt1 which I presume is a download domain for Google Chrome. That domain also does not report a location.

I didn’t really have time to investigate this further at the time. I just took a look and currently see that domain trying to connect to Australia.

I wish there was a good source that defined what all these weird domains vendors use are for… For now I am blocking the domains connecting to parts of the world I don’t want to connect to from my laptop. I’m not yet sure if I will break something as a result.

Anyone using Google products who has geolocation requirements with regard to network traffic may want to inspect that behavior a bit deeper.
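
One way to run the inspection suggested above, as an added example that is not from the original post: it reads a constructed connection-log export, matches gvt1.com and gvt2.com hosts by exact suffix, and reports each host seen going to a country outside an allowed set, counting a missing location as a finding. The CSV layout, the sample rows, the `edgedl.gvt1.com` host name and the "US only" policy are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows: timestamp,domain,dest_ip,country.
# IPs come from documentation ranges; country values are illustrative only.
SAMPLE_LOG = """\
2022-01-10T09:00:01Z,e2c4.gcp.gvt2.com,192.0.2.10,JP
2022-01-10T09:00:05Z,beacons.gvt2.com,198.51.100.7,US
2022-01-10T09:01:12Z,beacons.gvt2.com,203.0.113.5,CH
2022-01-10T09:02:40Z,edgedl.gvt1.com,198.51.100.9,
2022-01-10T09:03:00Z,notgvt2.com,203.0.113.77,BR
2022-01-10T09:03:30Z,E2C4.GCP.GVT2.COM.,192.0.2.10,JP
"""

WATCHED_SUFFIXES = ("gvt1.com", "gvt2.com")
ALLOWED_COUNTRIES = {"US"}  # assumption: policy for this laptop


def normalize(domain):
    """Lower-case and drop the trailing root dot so log variants compare equal."""
    return domain.strip().rstrip(".").lower()


def is_watched(domain):
    """Match on a label boundary so 'notgvt2.com' is not mistaken for gvt2.com."""
    d = normalize(domain)
    return any(d == s or d.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit(log_text, allowed=ALLOWED_COUNTRIES):
    """Return {domain: [countries outside the allowed set]} for watched hosts."""
    findings = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or not is_watched(row[1]):
            continue
        # A lookup with no location is reported, not silently passed.
        country = row[3].strip().upper() or "UNKNOWN"
        if country not in allowed:
            findings[normalize(row[1])].add(country)
    return {d: sorted(c) for d, c in sorted(findings.items())}


if __name__ == "__main__":
    for domain, countries in audit(SAMPLE_LOG).items():
        print(f"{domain}: {', '.join(countries)}")
```
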

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2022
