Re: [AFMUG] akamai contact

Thu, 20 Jun 2019 13:43:22 -0700

Title: Re: [AFMUG] akamai contact
Steve,

OK just for shits and giggles I typed in the bad ip address https://72.246.60.96 and got this from my browser

"Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for 72.246.60.96. The certificate is only valid for the following names: www.downloads.netgear.com, updates1.netgear.com, http.fw.updates1.netgear.com, arloupdates.netgear.com, updates.netgear.com, acupdatesdl2.netgear.com, acdownload.netgear.com, updates.arlo.com, kb1.netgear.com, acupdatesdl.netgear.com"

So, I'm going with my first guess that the netgear router is screwed.

--
Best regards,
Mark                            mailto:m...@mailmt.com

Myakka Technologies, Inc.
www.Myakka.com

------

Thursday, June 20, 2019, 4:19:32 PM, you wrote:


 probably hacked. Isolate it. factory reset it, FW update it manually.factory reset it again

On Thu, Jun 20, 2019 at 3:16 PM Mark - Myakka Technologies <m...@mailmt.com> wrote:

 Just  an  update  on  this.   I  have isolated the IP address.  I have
confirmed  that  something  on  his  system  is  requesting  the data.
TCP/443.   I have blocked all packets leaving his system going to that
IP  address.   That  has  stopped  the  download  of  course,  but  it is
continuously requesting data.  We powered off all devices and it still
continued.  Of course powering off router killed the traffic.

What  are  the chances that it is the Netgear router?  It is a Netgear
(R7000P-100NAS)  Nighthawk AC2300 router.  The usage spike started the
day  he installed the router.  Could it be in some type of FW download
loop?


--
Best regards,
Mark                            mailto:m...@mailmt.com

Myakka Technologies, Inc.
www.Myakka.com

------

Monday, June 17, 2019, 11:53:27 AM, you wrote:

MMT> Anyone  have  a  akamai  contact.   I have a customer getting a steady
MMT> stream  of  data  from  an  IP  address  that  resolves  back to them.
MMT> Currently  blocking  the  address  for the customer, but that is not a
MMT> long term solution.  Would like to figure out who or what at akamai is
MMT> using that address.

MMT> Tried calling them, but got nowhere fast.


MMT> --

MMT> Thanks,
MMT>  Mark                          mailto:m...@mailmt.com

MMT> Myakka Technologies, Inc.
MMT> www.Myakka.com



--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com		 
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Reply via email to