Akamai an Inside Job?

David_Kennedy_CISSP · June 16, 2004, 3:23pm

http://www.overclockersclub.com/?read=8733819

The Akamai attacks started in the morning and it was detected by
Keynote Systems, a web tracking company that is able to track the load
and bandwidth on the Internet. According to Keynote they saw
an "Internet performance issue" this morning
...
They have tracked the attacker back to person that is at the Akamai
Technologies ISP. No other information has been given to us at this
time. We do not know if the FBI is working on this issue right now, but
we expect them to do so.

[DMK: Source, beyond overclockers, unknown, reliability and accuracy unknown.]

Akamai spin:
http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_vie
w&newsId=20040616005428&newsLang=en

Dan_Golding · June 16, 2004, 6:17pm

This seems pretty thin. The supply of uninformed speculation and dubious
"experts" clearly exceeds the demand. I suggest we all wait until Akamai has
concluded their post-mortem.

Duncan_Meakins · June 16, 2004, 8:56pm

Is anyone aware of a non-akamized way to access google? Considering we've
had a few Akamai issues in the past couple months it could proove handy in
the future to be able to access google through non-Akamai channels. I
thought maybe the API access they provide may bypass it, but with a little
ethereal work I discovered it simply hits the same addresses. Any ideas?

-Duncan

Chris_Yarnell · June 16, 2004, 11:08pm

I'd suggest working with Google if you feel you need some sort of out of
band access to them rather than asking here. I'm sure Google doesn't need
thousands of people picking weird random ways to access their clusters.

Tony_Rall1 · June 16, 2004, 11:28pm

http://216.239.57.104

(No guarantee that that address will continue to work, but it currently
goes to one of their servers in Calif.)

Tony Rall

Jared_Mauch · June 16, 2004, 11:35pm

I think the question is truly this:

some of the dns responses that i saw had low ttls, should
they use a longer ttl?

the problems i saw were related to the data expiring from the cache,
some of this is to workaround broken clients/resolvers that will "latch"
on to one IP (as part of a load balancing solution), but IMHO
those people don't deserve internet service until their systems properly
do RR...

so, should the ttl be more like 1h or 1d instead of less?

(random thoughts)

or perhaps some of these people may wish to run their own
nameservers and just use akamai for content? then again, the whole
point of this is to outsource it, i'm sure these people have some SLA
in their contracts so are getting credits or somesuch..

- jared

Larry_Sheldon · June 16, 2004, 11:48pm

Jared Mauch wrote:

  I think the question is truly this:

  some of the dns responses that i saw had low ttls, should
they use a longer ttl?

  the problems i saw were related to the data expiring from the cache,
some of this is to workaround broken clients/resolvers that will "latch"
on to one IP (as part of a load balancing solution), but IMHO
those people don't deserve internet service until their systems properly
do RR...

One of us thinks the shor TTL is at the heart of the Akamai "system".