okitismine
join:2000-08-06
Brisbane, CA
|  Akamai servers
Does anybody else find this company in there PC way to much.
I asked above.net to stop the connections attempts and this is what I got.
Akamai serves the images and streaming content for many of the most
popular Internet web-sites, including Lycos, Headhunter.net, NBC Internet
and over 2800 others. Akamai's network consists of 13,000+ servers in over
1000 networks across 63 countries. Our patented "intelligent" algorithms
dynamically map a user request to the closest (network-wise) available
Akamai server. When you connect to a web-site your browser first contacts
the content provider (i.e. www.mcafee.com) and downloads an html file.
> This file contains embedded URLs that tell your browser where to find
all the objects necessary to finish displaying the page. In the case of an
"Akamaized" site, these URLs point to the Akamai Network. Next, your browser
makes connections to the URLs to obtain the images or streaming content.
> Again, for an "Akamaized" site, your browser will contact an Akamai
server to obtain the requested items. Generally a TCP server listens on a
well-known port 1023 assigned by the operating system. So a
connection from port 80 of the Akamai server to a high numbered port on your
machine, is a normal HTTP transaction."
> This IP address belongs to a company that deals in streaming media. We
believe you or someone in your organization may have downloaded some
material from their site and are receiving the remainder of their material.
> If this event continues and appears malicious, please do not hesitate
to contact us. We will need the following:
> 1.The source and destination IP addresses which the hacker is coming
from and trying to attack.
> 2. A Port number would provide useful information as to what the hacker
is trying to break into.
> 3. Plain - clear text logs. We can not use attachments, screen shots,
mime encoded, jpeg or gifs. Please include exact time and dates. The log
should have a clear timestamp preferably with a standard line such as EST or
PST. 4. No WHOIS or traceroutes are needed.
> If the error is related to port 80, please check your configuration.
Once we receive the information requested we can then investigate your issue
more efficiently.
> Please send all AboveNet abuse issues only to abuse@above.net.
> Thank you in advance for your assistance,
> Best regards,
> Policy Programs Division
> Metromedia Fiber Network
However I see connections from these server to port 80, or without a page even open a connection from my pc the a site. Anybody have any idea what is realyy going on here.
Logged from kiwi as dropped.
Local0.Notice xxx.17.7.xxx 5871: IP-FILTER: O:PROTO 6 (TCP) pkt from 66.93.12x.xxx/48437
IP-FILTER: to 216.200.14.151/80 dropped,
this was dropped as a connection to the site without a browser open. Sort reminds me on of a movie.
[text was edited by author 2003-01-21 22:25:24]
[text was edited by author 2003-01-21 22:59:57] |
|
NetWatchMan
Premium,VIP
join:2001-03-13
Alpharetta, GA
| Suggest you read this:
»www.mynetwatchman.com/scanguide.htm
From what I hear these servers can generate TCP activity quite some time AFTER you surf to a site with Akamai hosted content...this is what freaks out the firewall.
I *have* detected and reported compromised Akamai servers, but they have been few and far between.
If you really want to prove out what's going on (and Im' interested too), you'll need to setup a packet analyzer.
--
Lawrence Baldwin
myNetWatchman
The Internet Neighborhood Watch |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to okitismine
Hi Larry,
Do you have updates on this...
"I *have* detected and reported compromised Akamai servers, but they have been few and far between."
____
Interesting..what kind of compromises were those?
Asking since we know what hardware and software those servers use 
I have heard of no problem since Fluffy Bunny in 2001....
For a six-month period starting in mid-2001, Fluffy Bunny penetrated the networks of several top Internet firms, including Exodus, VA Software and Akamai
»www.wired.com/news/technology/0,···,00.html
Akamai claims it can protect against crashes caused by demand overloads -- the type of attack that caused Microsoft's sites to crash last week.
January 29, 2001
»www.newsfactor.com/perl/story/7070.html
[text was edited by author 2003-01-22 06:25:48] |
|
theRegulator
@209.63.x.x
 from:
Name Game 
| reply to okitismine
Thousands of third party ads and web bugs are served from akamai. That is why hundreds of akamai servers are listed in SMartin's Hosts. It isn't akamai per se that you should be worried about but those who contract with akamai. There are legitimate uses for akamai services as in the example of AVG and some other AV updaters. HTH |
|
John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England | reply to okitismine
If you block Akamai, you won't be able to use LU with NAV. |
|
NetWatchMan
Premium,VIP
join:2001-03-13
Alpharetta, GA
| reply to Name Game
said by Name Game :
Interesting..what kind of compromises were those?
Asking since we know what hardware and software those servers use
Are they Windows?
I seem to remember a Code Red incident or two.
My inactive incident table is NOT indexed by ProviderName so it would take a 20,000,000 row table scan query to find the incident...not about to do that right now.
--
Lawrence Baldwin
myNetWatchman
The Internet Neighborhood Watch |
|
okitismine
join:2000-08-06
Brisbane, CA
| reply to NetWatchMan
Thanks,
I understand firewalls very well. One thing that bothers me about all this is, many of the server ip's are not listed as Akamai. I see the connection in the NAT table and then the firewall drops packets to ip after ip for 5 or 6 min, as many as 10 different ones. As the abovenet response stated, there are thousands of servers out there. It is interesting at this point, not really a complaint, just rather a what is going on in my PC. |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
 ·Speakeasy
| reply to John2g
said by John2g :
If you block Akamai, you won't be able to use LU with NAV.
If you block with a Hosts file, yes, you can still use LU. You just have to toggle it off in order to do so.
--
JKK Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature! |
|
