Akamai an Inside Job?
Brian Mulvaney
brianm at rain.com
Wed Jun 16 16:41:45 UTC 2004
At 08:23 AM 6/16/2004, David Kennedy CISSP wrote:
>http://www.overclockersclub.com/?read=8733819
>
>The Akamai attacks started in the morning and it was detected by
>Keynote Systems, a web tracking company that is able to track the load
>and bandwidth on the Internet. According to Keynote they saw
>an "Internet performance issue" this morning
Keynote's primary business model is measuring the performance and
availability of public web sites as seen from a distributed network of
synthetic probes. They don't offer any services that "track the load and
bandwidth on the Internet". Here's what their public/PR type email alert
said on the matter yesterday:
Keynote Internet Performance Alert
Starting at approximately 5:30am PDT today, a major Internet performance
issue was detected by Keynote systems. By 6:00am, the availability of the
Keynote Business 40 Internet Performance Index had dropped from its usual
near-100% availability to 81% availability:
<http://keynote.lyris.net/t/4086/732513/23/0/>http://web507.keynote.com/mykeynote/Post/KB40data_061504_085844.asp
Further analysis by Keynote indicated that the availability issues were
limited to several large sites, all of whom outsource their DNS services to
Akamai. These sites dropped to near-zero availability:
<http://keynote.lyris.net/t/4086/732513/24/0/>http://web507.keynote.com/mykeynote/Post/KB40data_061504_090509.asp
Availability was largely restored by approximately 7:45am PDT.
>...
>They have tracked the attacker back to person that is at the Akamai
>Technologies ISP. No other information has been given to us at this
>time. We do not know if the FBI is working on this issue right now, but
>we expect them to do so.
>
>[DMK: Source, beyond overclockers, unknown, reliability and accuracy unknown.]
That's nonsense David. Keynote measurements can distinguish between
availability problems caused by DNS outages versus those caused by
connectivity or site outages. They manifestly don't track attackers.
Brian Mulvaney
More information about the NANOG
mailing list