Re: [AFMUG] akamai contact

Thu, 20 Jun 2019 14:08:05 -0700

Title: Re: [AFMUG] akamai contact
Ken,

You of all people know it is my problem because I'm the ISP.  Everything is my problem.  Also, it appears that the netgear traffic monitor doesn't count it's own traffic.  While it is merrily going it's way downloading almost 1G/hour, if fails to reflect that.  Now his netgear genie says he only download 5 Gig a day, but my system is reporting he downloaded about 30 Gig a day, who do you think he believes?  Yeah, I'll be having a long phone call tomorrow trying to explain this to him.  It will end with "You need to call Netgear", but it will take a while to get there.



--
Best regards,
Mark                            mailto:m...@mailmt.com

Myakka Technologies, Inc.
www.Myakka.com

------

Thursday, June 20, 2019, 4:46:35 PM, you wrote:


 If customer had a managed router from you, this would be simple, you could look remotely at the connection tracking or NAT translation table along with the DHCP hosts list and determine which device on the LAN is sending traffic to that Akamai IP address.  Or you could set a firewall rule and log the packets, or you could torch the traffic or equivalent.  Lots of tools with a managed router.

But since customer has their own router which you don’t manage, how is this your problem?

And BTW, port 443 could be anything using HTTPS, that doesn’t narrow it down much.


From: AF <af-boun...@af.afmug.com> On Behalf Of Steve Jones
Sent: Thursday, June 20, 2019 3:20 PM
To: AnimalFarm Microwave Users Group <af@af.afmug.com>
Subject: Re: [AFMUG] akamai contact

probably hacked. Isolate it. factory reset it, FW update it manually.factory reset it again

On Thu, Jun 20, 2019 at 3:16 PM Mark - Myakka Technologies <m...@mailmt.com> wrote:

 Just  an  update  on  this.   I  have isolated the IP address.  I have
confirmed  that  something  on  his  system  is  requesting  the data.
TCP/443.   I have blocked all packets leaving his system going to that
IP  address.   That  has  stopped  the  download  of  course,  but  it is
continuously requesting data.  We powered off all devices and it still
continued.  Of course powering off router killed the traffic.

What  are  the chances that it is the Netgear router?  It is a Netgear
(R7000P-100NAS)  Nighthawk AC2300 router.  The usage spike started the
day  he installed the router.  Could it be in some type of FW download
loop?


--
Best regards,
Mark                            mailto:m...@mailmt.com

Myakka Technologies, Inc.
www.Myakka.com

------

Monday, June 17, 2019, 11:53:27 AM, you wrote:

MMT> Anyone  have  a  akamai  contact.   I have a customer getting a steady
MMT> stream  of  data  from  an  IP  address  that  resolves  back to them.
MMT> Currently  blocking  the  address  for the customer, but that is not a
MMT> long term solution.  Would like to figure out who or what at akamai is
MMT> using that address.

MMT> Tried calling them, but got nowhere fast.


MMT> --

MMT> Thanks,
MMT>  Mark                          mailto:m...@mailmt.com

MMT> Myakka Technologies, Inc.
MMT> www.Myakka.com



--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com		 
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Reply via email to