nanog mailing list archives
Re: Looking for an Akamai contact, strange DoS traffic sourcing from Akamai sources
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Fri, 21 Jan 2011 10:48:08 -0500
The issue has been reported to the proper people inside Akamai. They are investigating, we are not ignoring the issue.

If any network with on-net Akamai servers has an issue, including this or any other, please e-mail NetSupport-tix () akamai com and that will open a ticket with our Network Support group.

--
TTFN,
patrick

On Jan 21, 2011, at 9:43 AM, Jack Bates wrote:

> On 1/21/2011 8:38 AM, Tom Beecher wrote:
>> Jack-
>>
>> This is exactly what we're seeing. The Akamai server starts a retransmission flood aimed at a specific address randomly. We're seeing thousands of retransmissions of the same packet over and over again, same sequence/ack numbers, all 1460 bytes. In the last capture I have, it was all JPEG data, although we weren't capturing entire packets. There is a slight difference in the capture payloads, two bytes each time.
>
> The content between attacks changes at times, as do the source IPs, as they send different content. We've noticed at least 2 different akamai hosted sites packets being sent. 1460 is definitely the number. What gets me is that the 3-way should be complete to allow the 1460, and the modem bank is spamming host unreachable ICMP messages since that IP is offline.
>
>> I had another dial-up provider contact me off list, and he's seeing the same thing. I'm wondering if this is actually more widespread, but only dial-up providers are really seeing the effects since a 3-5Mbps burst is most noticeable for us on our smaller upstream links.
>
> This was my thought, though in my downstream's case, it's saturating his DS-3. The 45mb spikes were just enough for me to barely make it out on the akamai gig-e graphs. He's also not always receiving from my local node. Sometimes his other transit links saturate due to remote nodes doing the same thing.
>
> Jack
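The signature described in the thread (the same data segment, with identical sequence/ack numbers and a 1460-byte length, repeated thousands of times toward one address) can be picked out of a capture as follows. This is an added example, not code from the thread or from Akamai; it assumes tcpdump's default one-line text output, and the addresses, the sample capture and the 1000-repeat threshold are constructed for illustration.

```python
import re
from collections import Counter

# Matches tcpdump's default one-line TCP output for segments that carry data.
SEGMENT = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\], "
    r"seq (?P<seq>\d+):\d+, ack (?P<ack>\d+),.* length (?P<length>\d+)"
)

def find_repeated_segments(lines, min_repeats=1000):
    """Return (src, dst, seq, ack, length, count) for segments seen min_repeats+ times.

    Keyed on header fields only: the thread reports payloads differing by
    two bytes between copies, so a payload hash would miss the repeats.
    min_repeats is an assumed threshold, not a value from the thread.
    """
    seen = Counter()
    for line in lines:
        m = SEGMENT.search(line)
        if m is None:  # pure ACKs, ICMP and other non-matching lines
            continue
        key = (m["src"], m["dst"], int(m["seq"]), int(m["ack"]), int(m["length"]))
        seen[key] += 1
    hits = [key + (n,) for key, n in seen.items() if n >= min_repeats]
    return sorted(hits, key=lambda h: h[-1], reverse=True)

def constructed_capture():
    """Constructed sample: one normal transfer plus one segment repeated 1500 times."""
    fmt = ("10:48:08.000000 IP {src} > {dst}: Flags [.], "
           "seq {s}:{e}, ack 1, win 65535, length 1460")
    # Normal flow: sequence numbers advance by 1460 on every segment.
    lines = [fmt.format(src="192.0.2.10.80", dst="198.51.100.7.40001",
                        s=1 + i * 1460, e=1 + (i + 1) * 1460) for i in range(200)]
    # Flood: the identical segment sent over and over to one address.
    lines += [fmt.format(src="192.0.2.20.80", dst="203.0.113.5.40002",
                         s=2921, e=4381)] * 1500
    lines.append("10:48:09.000000 IP 203.0.113.1 > 192.0.2.20: "
                 "ICMP host 203.0.113.5 unreachable, length 36")
    return lines

if __name__ == "__main__":
    for src, dst, seq, ack, length, count in find_repeated_segments(constructed_capture()):
        print(f"{src} -> {dst} seq={seq} ack={ack} len={length} repeated {count}x")
```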