NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Akamai bypasses WebSense, Real.com, DoubleClick and other UNWANTED TRAFFIC



Actually, they DO have thousands of boxes...all over the planet,
and blocking pings is not the best solution because ICMP is necessary for
a variety of things. I just don't feel they have any need to attempt to map
my internal network and audit my bandwidth capabilities with ping scans.

They need to have an OPT OUT page on their site and honor requests not
to be constantly probed.

They are being sued over this issue in CA where they have been scanning
networks with a lot of ISDN lines attached. The ISDN routers are configured
to
drop the connection when traffic falls, however AKAMAI has been pinging them
excessively and keeping their connections open. That costs people MONEY, and
I would think they have a valid gripe for this unwarranted traffic.

Anyway, does anyone have good rulebase examples for ad banner blocking?
I tried a URI filter and it was not working that great...probably my bad.

----- Original Message -----
From: "Ian Campbell" <[email protected]>
To: "Fw-1-Mailinglist-us (E-mail)"
<[email protected]>
Sent: Monday, September 18, 2000 5:50 PM
Subject: RE: [FW1] Akamai bypasses WebSense, Real.com, DoubleClick and other
UNWANTED TRAFFIC


>
> How about just dropping all ICMP except echo-reply at your internet access
> router?
>
> Ian
>
> -----Original Message-----
> From: Cedric Amand [mailto:[email protected]]
> Sent: Monday, September 18, 2000 2:05 PM
> To: Fw-1-Mailinglist-us (E-mail)
> Subject: Re: [FW1] Akamai bypasses WebSense, Real.com, DoubleClick and
> other UNWANTED TRAFFIC
>
>
>
> Hello Carl,
>
> CEM> They do this by ping flooding large blocks of addresses and building
a
> network latency topology map and vectoring data from their servers.
> CEM> I don't want AKAMAI's thousands of servers PING FLOODING me.
>
> Please, if you don't like "unwanted" ICMP then you don't want to be
> on the internet at all since ICMP is made for normal operations of
> the TCP control protocol and is entirely connection-less.
>
> Akamai, like many others and a shitload of hardware devices, uses
> ICMP to determine the "distance" between all of their servers
> and you to deliver your customers/users/whatevers the best
> internet experience. (As you said.)
> They don't have thousands of boxes tough and their technology is
> much more complex than just flat probing of the entire internet.
>
> Anyway, it's annoying because it pollutes logs, but as a firewall
> admin you maybe should just silently dump their traffic. They won't
> change their business. Their traffic load is abyssal.
>
> There are also numerous academic hosts doing the same thing, some
> with funny reverse DNS lookups like "network-topology-probing-for
> -my-thesis.thatuniv.blah.edu" that are as (if not more) annoying.
>
>
>
>
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.