Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Large Amounts of ICMP packets

From: David Luyer <david_luyer () PACIFIC NET AU>
Date: Sat, 19 Aug 2000 13:50:47 +1000
A customer of mine has been hit with large amounts of ICMP packets from
akaimaitechnologies.com servers. I've seen these before and considered them
a nusiance, but I feel 1600 ICMP packets a week to hosts that can not
respond due to being behind a firewall is excessive, and it fills logs
pretty quickly. The company response was that they use the pings to better
serve the customers and to monitor usage.

You can have addresses removed from their list of hosts by sending an email
to the hostmaster listed below:


If you don't know who Akamai are, last time I worked through the stats they
were 5% of the web content requested by Australian customers by URLs and
about 10% by volume from memory - the %ages should be higher in the US I'd
expect as they are US-based.  But it's over a year since I worked out the
exact stats.

They provide a server farm (10 servers in our case) to decent sized ISPs for
free, or even pay to co-locate it, then all Akamai URLs are local and fast
traffic.

Alteon (the L4 switch company recently acquired by Nortel(?)) have a switch
which re-writes web pages on the fly to have URLs into the Akamai network
for all large objects.

People like cnn.com have all their actual media content on the Akamai network
and then just the HTML on their own servers.

Basically what I'm saying is, if you're a decent sized ISP or large company,
1600 ICMP packets a week is very little to pay to make sure you use the
closest Akamai server for all the content in their network.  Of course if
you're large enough to qualify, you may be even better off asking them to
provide you with an Akamai farm of your own.  Of course if the network is
unable to respond to the ICMP packets it's fairly pointless, but perhaps
you could make something so the firewall responds to _all_ ICMP echos rather
than blocking them?  Then you might not end up with companies deciding the
closest web server to you was in Eastern Europe :-)

David.
--
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone:  +61 3 9674 7525
Fax:    +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au        NASDAQ: PCNTF
<< fast 'n easy >>
----------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: