[FW1] Re : PingFlooding from AkamaiGHosts
Hello.

Experiencing the same event here and then, I included its description and the information I could gather in a file that I maintain, about false alerts on my firewall. Here's its quick and dirty translation in English (please forgive the eventual inaccuracies, I'm a newbie sysadmin ;-) )

I hope it'll help.

*******************************************
Akamai

Log Signature:
  Service     : 1233, 1259, 2519, 2522
  Source      : a213-56-194-86.deploy.akamaitechnologies.com
  Destination : a LAN machine
  Proto       : tcp
  S_Port      : http

Other signs:
  Time intervals between each attempt : 20", 20", 40", 1'30", then 2" (14 attempts, total duration 14', then stops)

Possible cause:
  Akamai (www.akamai.com) has deployed a network of content servers (product Freeflow, www.akamai.com/html/en/sv/freeflow_streaming.html), especially among ISPs; the objective is to lower the response time during a web consultation.

tracert:
  Trace l'itinéraire vers a213-56-194-62.deploy.akamaitechnologies.com [213.56.194.62]
  avec un maximum de 30 tronçons :
    1   <10 ms   <10 ms   <10 ms   192.168.1.1
    2    46 ms    63 ms    62 ms   24.GIG-9-0.GENG1.Gennevilliers.raei.francetelecom.net [194.2.1.226]
    3    47 ms    62 ms    63 ms   a213-56-194-62.deploy.akamaitechnologies.com [213.56.194.62]

What's that site running ? (http://uptime.netcraft.com/up/graph)
  The site 213.56.194.62 is running AkamaiGHost on Linux

Notes:
  - a reasonable assumption is that the source could vary, according to the following pattern: IPaddress.deploy.akamaitechnologies.com
  - other possible source : *.globalcenter.com
  - unclear: why is an Akamai server the initiator of the connection, instead of the pc used to browse the web?

References
  - FireWall-1 mailing list archives (msgs.securepoint.com/fw1/)
  - FireWall Wizards mailing list archives (www.nfr.com/pipermail/firewall-wizards/1999-October/006689.html)
  - 01Informatique article of 5/7/2000 (www.01net.com/rdn?oid=113566)
  - JDNet article (solutions.journaldunet.com/0103/010329akamai.shtml)
  - Mynetwatchman incident report (www.mynetwatchman.com/mynetwatchman/ListAllOpenIncidents.asp?ProviderId=1786&ReportType=P&AttackerIp=0&ReportPage=Provider)

-----------------
Olivier DEBRE
[email protected]
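The signature in the message above, turned into a log triage helper. This is an added example, not part of the original post or of any Check Point or Akamai tooling. The entry field names, the verdict labels and the `lookup` stand-in for DNS are assumptions; the sample entries are constructed from the hostnames in the post plus documentation addresses.

```python
import ipaddress
import re

# Pattern from the note: a<IPv4 with dashes>.deploy.akamaitechnologies.com
AKAMAI_PTR = re.compile(
    r"^a(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})"
    r"\.deploy\.akamaitechnologies\.com\.?$", re.IGNORECASE)

def embedded_ip(hostname):
    """Return the IPv4 address encoded in the PTR name as a string, or None."""
    m = AKAMAI_PTR.match(hostname)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(m.groups())))
    except ipaddress.AddressValueError:
        return None  # e.g. an octet above 255

def classify(entry, forward_lookup):
    """entry: dict with src_ip, src_name, proto, s_port (assumed field names).
    forward_lookup: callable mapping a hostname to its set of A-record IPs."""
    ip = embedded_ip(entry["src_name"])
    if ip is None:
        return "no-match"
    # PTR names are set by the address owner: require agreement and forward confirmation.
    if ip != entry["src_ip"] or ip not in forward_lookup(entry["src_name"]):
        return "unconfirmed-ptr"
    if entry["proto"] == "tcp" and entry["s_port"] in (80, "http"):
        return "akamai-http-signature"
    return "akamai-other"

# Constructed sample data: a stand-in for DNS and four log entries.
NAME_86 = "a213-56-194-86.deploy.akamaitechnologies.com"
NAME_62 = "a213-56-194-62.deploy.akamaitechnologies.com"
A_RECORDS = {NAME_86: {"213.56.194.86"}, NAME_62: {"213.56.194.62"}}
LOG = [
    {"src_ip": "213.56.194.86", "src_name": NAME_86, "proto": "tcp", "s_port": "http"},
    {"src_ip": "203.0.113.9", "src_name": NAME_86, "proto": "tcp", "s_port": "http"},
    {"src_ip": "213.56.194.62", "src_name": NAME_62, "proto": "tcp", "s_port": 4321},
    {"src_ip": "198.51.100.7", "src_name": "host.example.net", "proto": "tcp", "s_port": "http"},
]

def lookup(name):
    return A_RECORDS.get(name.lower().rstrip("."), set())

def triage(log=LOG):
    return [classify(e, lookup) for e in log]

if __name__ == "__main__":
    print(triage())
```

Only the first entry is a candidate for the false-alert file; an `unconfirmed-ptr` verdict means the hostname in the log should not be trusted as evidence of the sender's identity.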