How to Deal With Unusual Traffic Detected Notifications

How to Deal With Unusual Traffic Detected NotificationsIf you get an unusual traffic detected notification from Google, it usually means your IP address was or still is sending suspicious network traffic. Google can detect this and has recently implemented security measures to protect against DDoS, other server attacks and SEO rank manipulation.

The key thing to remember is that the notification is based on your Internet facing IP address, not your private IP address which is assigned to your laptop\PC\device. If you don’t know what your Internet facing (or public) IP address is you can use something like this service.

Top tips for dealing with unusual traffic detected messages:

  1. Get an inventory. Do you have unknown devices on your network? There are many free applications which can do network scans. Another option is to deploy deep packet inspection tools which will passively detect what is running on your network.
  2. Monitor traffic on your Internet gateway. Watch out for things like network scans, traffic on unusual port numbers, TOR traffic. I have included a video below which explains how you can do this.
  3. Track down the device using its MAC address. Network switches maintain a list of what MAC addresses are associated with what network switch ports. The guide at this link shows you how to do this on Cisco switches but similar commands are available on other switch models.
  4. See if your IP address is blacklisted. You can use something like this http://www.ipvoid.com/ to see if your IP address is known black lists.
  5. If you cannot find any issues, talk to your ISP. Maybe you need an IP change. IP addresses are recycled so it could be that you were allocated a dodgy one. This is a remote possibility so make sure you cover tips 1 to 4 first.

How to Monitor Internet Activity Using a SPAN Port

Further reading

In a previous blog post I also looked at how you can use LANGuardian to track down the source of unusual traffic on your network.

Blog Post: How to deal with “Google has detected unusual traffic from your network” notifications

Please don’t hesitate to get in contact with our support team if you are having an issue with a unusual traffic notification. They can help you quickly get to the root cause of issues associated with suspicious network traffic.

Thanks to NetFort for the article.

Google Has Detected Unusual Traffic from Your Network

Google Has Detected Unusual Traffic from Your Network Malware on PCs and other devices can lead to all sorts of serious issues. From Ransomware to DDoS activity. Another symptom of malware that I come across a lot is when a Google displays the message “Google has detected unusual traffic from your network” when users search for something. The reason Google detects something is that they are probably receiving loads of automated searches from your IP addresses. Typically these searches are automated by Malware installed on one or more systems inside your network. Google Has Detected Unusual Traffic from Your Network Your options are very limited when this happens. One thing would be to ignore it but each time you want to search for something you will have to solve a CAPTCHA (a squiggly word with a box below it). The recommended approach would be to find out what is causing the problem in the first place. The Google notification will give you very little to go on so the main priority is to get visibility as to what is happening on your network. Forget about SNMP or NetFlow, you will need lots of detail to get to the root cause and neither of these protocols will do this. An ideal data source is a SPAN or mirror port. This will give you access to network packets or wire data as I hear some people describe it. A SPAN port will give you access to crucial information like IP addresses, host-names, web domain names, email addresses, application payloads, or MAC addresses. Once you have your SPAN port setup you just need to install LANGuardian and take a look at what is happening. Watch out for systems connecting to external IP addresses or hosts associated with lots of traffic associated with the Google domains. LANGuardian will also associate this network activity with usernames so you know who is causing the problem. See below for a recent quote from a customer. In this case they did not use LANGuardian to investigate a Google issue. However, it does goes to show how customers are really happy using LANGuardian to find out what is happening on their networks. “LANGuardian is a crucial part of our investigation tools within the network, gets right into what’s happening” James Barnes, ICT Team Leader, Ayrshire College, Scotland. Please don’t hesitate to get in contact with our support team if you are having an issue with a Google notification. You can also download a free trial of LANGuardian which can help you get to the root cause of any issues fast.

Download_Free_Trial_of_LANGuardian

Thanks to NetFort for the article.