nanog mailing list archives

Re: List of CDNs?

From: Michael Collins <mcollins () aleae com>
Date: Sat, 16 Nov 2013 19:30:48 -0500

Patrick,

It's Yet Another False Positive in anomaly detection and traffic analysis software that I fiddle with.  In the case of 
CDNs, I mostly want to throw them out the window -- whenever I see one, I know that the reverse lookup information is 
going to be useless and it's time to toss that address out of the bucket and look at the next weird one on the list. 

On Nov 16, 2013, at 5:28 PM, Patrick W. Gilmore <patrick () ianai net> wrote:

First, the location of CDN nodes is not relevant to passive DNS monitoring. If Andrew would like a list of domains 
with CDN hostnames in them, that might be findable.

Second, a list of CDN nodes is likely impossible to gather & maintain without the help of the CDNs themselves. There 
are literally thousands of them, most do not serve the entire Internet, and they change frequently. And before you 
ask, I know at least Akamai will _not_ give you their list, so don't even try to ask them.

Sorry this makes your life more difficult. Perhaps if you explained why you were doing address lookups, the 
collective body could help you come up with a better solution?

-- 
TTFN,
patrick


On Nov 15, 2013, at 10:06 , Michael Collins, Aleae <mcollins () aleae com> wrote:

I'll second that; CDNs are a constant pain for me when I'm doing address
lookups.  A list of them would make life a lot easier for a bunch of
different investigative processes. 

If there isn't one right now, I think I could get off my tuchas and
start maintaining one if anyone's interested in pitching in.


On 11/14/13 5:19 PM, Andrew Fried wrote:

Actually, a list of CDNs would be very handy.  I harvest botnets and
fast flux hosts out of passive dns, and some of the heuristics used to
identify them are similar to what CDNs look like.

Having a decent list of CDN effective top level domains alone would be
useful for redacting those hosts.

Andy


Andrew Fried
andrew.fried () gmail com

On 11/14/13, 5:11 PM, Patrick W. Gilmore wrote:

List of CDNs would be difficult, but not impossible. Although they do different things, so a simple list is 
unlikely to be as useful as it looks. 

A lost of CDN "DC nodes" is not possible. Why do you care about such a thing anyway?

Current thread:

List of CDNs? Carlos Kamtha (Nov 14)
- Re: List of CDNs? Patrick W. Gilmore (Nov 14)
  - Re: List of CDNs? Andrew Fried (Nov 14)
    - Re: List of CDNs? Michael Collins, Aleae (Nov 15)
    - Re: List of CDNs? Patrick W. Gilmore (Nov 16)
    - Re: List of CDNs? Michael Collins (Nov 16)
    - Re: List of CDNs? Patrick W. Gilmore (Nov 16)
    - CDN node locations Jay Ashworth (Nov 16)
    - Re: CDN node locations Patrick W. Gilmore (Nov 16)
    - Re: CDN node locations Warren Bailey (Nov 16)
    - Re: CDN node locations Martin Hannigan (Nov 17)
    - Re: CDN node locations Phil Bedard (Nov 16)
    - Re: CDN node locations Jay Ashworth (Nov 16)
    - Re: CDN node locations Phil Bedard (Nov 16)
  - Re: List of CDNs? Carlos Kamtha (Nov 14)
    - Re: List of CDNs? Simon Lyall (Nov 14)

(Thread continues...)