Looking for an Akamai contact, strange DoS traffic sourcing from Akamai sources

Jack Bates jbates at brightok.net
Fri Jan 21 07:45:22 CST 2011


I have a customer reporting the same thing. The traffic flood goes to 
offline modem bank IPs. So far, Akamai hasn't actually grasped what the 
problem is and says everything is fine. :(

Luckily, most of the traffic (not all) is coming from my local cluster, 
so it's easier to monitor what's going on. Packet captures have shown 
the same packet being sent over and over, usually over 1400 bytes in 
size. Different floods may have different packets, but within a flood 
it's identical. I wouldn't think you'd have data prior to the 3-way, so 
I'm curious how the 3-way is being completed for the data to be sent.


Jack

On 1/20/2011 4:46 PM, Tom Beecher wrote:
> I've received a couple of responses off list, and am now in touch with 
> Akamai directly.
>
> I appreciate everyone's assistance.
>
> On 1/20/2011 4:04 PM, Tom Beecher wrote:
>> I'm looking for an Akamai contact to try and address a strange 
>> situation.
>>
>> We have multiple sites across the country that aggregate 56k dialup 
>> customers. Different sites are randomly experiencing inbound traffic 
>> spikes that are overwhelming the uplinks to our carriers, causing DoS 
>> situations.  These spikes far exceed the bandwidth that could 
>> possibly be used by the number of dialup customers connected. We've 
>> been able to trace the source of the traffic to Akamai boxes, but so 
>> far have been unable to reach anyone at Akamai to discuss the 
>> situation. We're attempting to get payload information, but the 
>> traffic volume is making it slow going setting up packet captures at 
>> these sites remotely.
>>
>> Thanks in advance,
>>
>> Tom
>>
>
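The pattern reported in this thread (one large payload repeated within a flood, with no 3-way handshake visible in the capture) can be checked for mechanically. The following is an added example, not part of the thread and not any poster's code; it assumes packets have already been decoded from a capture into dicts, and the field names, thresholds and sample addresses are constructed for illustration.

```python
import hashlib
from collections import defaultdict

SYN, ACK, PSH = 0x02, 0x10, 0x08

def find_replay_floods(packets, min_len=1400, min_repeats=5):
    """Report flows where one large TCP payload repeats, and whether the
    capture also holds a SYN and SYN-ACK for that connection."""
    stages = defaultdict(set)                       # connection -> handshake flags seen
    counts = defaultdict(lambda: defaultdict(int))  # flow -> payload digest -> count
    for p in packets:
        a, b = (p["src"], p["sport"]), (p["dst"], p["dport"])
        if p["flags"] & SYN:
            stages[frozenset([a, b])].add("synack" if p["flags"] & ACK else "syn")
        if len(p["payload"]) >= min_len:
            counts[a + b][hashlib.sha256(p["payload"]).hexdigest()] += 1
    findings = []
    for flow, digests in counts.items():
        digest, n = max(digests.items(), key=lambda kv: kv[1])
        if n >= min_repeats:
            conn = frozenset([flow[:2], flow[2:]])
            # A capture started mid-connection also lacks the handshake,
            # so False here is a lead to follow up, not proof.
            findings.append({"flow": flow, "repeats": n, "sha256": digest,
                             "handshake_seen": stages[conn] >= {"syn", "synack"}})
    return findings

def pkt(src, sport, dst, dport, flags, payload=b""):
    """Build one decoded-packet record (hypothetical helper for the sample)."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": flags, "payload": payload}

# Constructed sample (documentation addresses, not data from the thread).
CDN, MODEM, USER = "192.0.2.10", "198.51.100.7", "198.51.100.8"
SAMPLE = (
    # Flood: identical 1448-byte segment repeated, no SYN/SYN-ACK captured.
    [pkt(CDN, 80, MODEM, 1055, PSH | ACK, b"A" * 1448) for _ in range(8)]
    # Ordinary download: handshake first, then segments that all differ.
    + [pkt(USER, 2044, CDN, 80, SYN), pkt(CDN, 80, USER, 2044, SYN | ACK),
       pkt(USER, 2044, CDN, 80, ACK)]
    + [pkt(CDN, 80, USER, 2044, ACK, bytes([i]) * 1448) for i in range(8)]
)

if __name__ == "__main__":
    for finding in find_replay_floods(SAMPLE):
        print(finding)
```

Genuine TCP retransmissions also repeat a payload, so a finding with `handshake_seen` true and a low repeat count is usually benign; the combination of high repeats and no captured handshake is the one worth escalating.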





More information about the NANOG mailing list