If customer had a managed router from you, this would be simple: you could look remotely at the connection tracking or NAT translation table along with the DHCP hosts list and determine which device on the LAN is sending traffic to that Akamai IP address. Or you could set a firewall rule and log the packets, or you could torch the traffic or equivalent. Lots of tools with a managed router.
But since customer has their own router which you don’t manage, how is this your problem? And BTW, port 443 could be anything using HTTPS, that doesn’t narrow it down much.

From: AF <af-boun...@af.afmug.com> On Behalf Of Steve Jones
Sent: Thursday, June 20, 2019 3:20 PM
To: AnimalFarm Microwave Users Group <af@af.afmug.com>
Subject: Re: [AFMUG] akamai contact

Probably hacked. Isolate it. Factory reset it, FW update it manually. Factory reset it again.

On Thu, Jun 20, 2019 at 3:16 PM Mark - Myakka Technologies <m...@mailmt.com> wrote:

Just an update on this. I have isolated the IP address. I have confirmed that something on his system is requesting the data. TCP/443. I have blocked all packets leaving his system going to that IP address. That has stopped the download of course, but it is continuously requesting data.

We powered off all devices and it still continued. Of course powering off router killed the traffic. What are the chances that it is the Netgear router? It is a Netgear (R7000P-100NAS) Nighthawk AC2300 router. The usage spike started the day he installed the router. Could it be in some type of FW download loop?

--
Best regards,
Mark
mailto:m...@mailmt.com
Myakka Technologies, Inc.
www.Myakka.com

------
Monday, June 17, 2019, 11:53:27 AM, you wrote:

MMT> Anyone have an Akamai contact. I have a customer getting a steady
MMT> stream of data from an IP address that resolves back to them.
MMT> Currently blocking the address for the customer, but that is not a
MMT> long term solution. Would like to figure out who or what at akamai is
MMT> using that address.
MMT> Tried calling them, but got nowhere fast.
MMT> --
MMT> Thanks,
MMT> Mark mailto:m...@mailmt.com
MMT> Myakka Technologies, Inc.
MMT> www.Myakka.com

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
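Added example, not part of the thread: the conntrack-plus-DHCP lookup described in the first reply, which also flags flows that originate from the router itself (the case Mark suspects). It assumes a Linux-based router that exposes `conntrack -L` style output and a dnsmasq-style lease file; the function names are hypothetical and all addresses, MACs and hostnames are constructed sample data.

```python
import re

# Constructed sample data (not from the thread). 203.0.113.10 stands in for
# the remote CDN address, 198.51.100.7 for the router's WAN address.
CONNTRACK = """\
tcp      6 431990 ESTABLISHED src=192.168.1.23 dst=203.0.113.10 sport=51234 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=51234 [ASSURED] mark=0 use=1
tcp      6 115 TIME_WAIT src=192.168.1.40 dst=192.0.2.55 sport=40022 dport=443 src=192.0.2.55 dst=198.51.100.7 sport=443 dport=40022 [ASSURED] mark=0 use=1
tcp      6 431800 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=38811 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=38811 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.23 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=198.51.100.7 sport=53 dport=5353 mark=0 use=1
"""
LEASES = """\
1561060800 aa:bb:cc:00:00:23 192.168.1.23 living-room-tv 01:aa:bb:cc:00:00:23
1561060900 aa:bb:cc:00:00:40 192.168.1.40 laptop *
"""

def parse_leases(text):
    """Map LAN IP -> (MAC, hostname) from dnsmasq-style lease lines."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:  # expiry, MAC, IP, hostname[, client-id]
            leases[parts[2]] = (parts[1], parts[3])
    return leases

def who_talks_to(remote_ip, conntrack_text, leases, wan_ip):
    """Return sorted (src_ip, owner, dport) for flows whose original dst is remote_ip."""
    hits = set()
    for line in conntrack_text.splitlines():
        # The first src=/dst= pair on a line is the original (pre-NAT) direction.
        m = re.search(r"src=(\S+) dst=(\S+) sport=\d+ dport=(\d+)", line)
        if not m or m.group(2) != remote_ip:
            continue
        src, dport = m.group(1), int(m.group(3))
        if src == wan_ip:
            owner = "router itself (not NATed)"  # no LAN client behind this flow
        elif src in leases:
            owner = "%s (%s)" % (leases[src][1], leases[src][0])
        else:
            owner = "unknown LAN host (no lease, static?)"
        hits.add((src, owner, dport))
    return sorted(hits)

if __name__ == "__main__":
    found = who_talks_to("203.0.113.10", CONNTRACK, parse_leases(LEASES), "198.51.100.7")
    for src, owner, dport in found:
        print(src, "-> 203.0.113.10:%d" % dport, owner)
```

A flow whose original source is the WAN address matches what Mark observed: traffic that persists with every LAN device powered off and stops only when the router does.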