Looking for an Akamai contact, strange DoS traffic sourcing from Akamai sources
Jack Bates
jbates at brightok.net
Fri Jan 21 13:45:22 UTC 2011
I have a customer reporting the same thing. The traffic flood goes to
offline modem bank IPs. So far, Akamai hasn't actually grasped what the
problem is and says everything is fine. :(
Luckily, most of the traffic (not all) is coming from my local cluster,
so it's easier to monitor what's going on. Packet captures have shown
the same packet being sent over and over, usually over 1400 bytes in
size. Different floods may have different packets, but within a flood
it's identical. I wouldn't think you'd have data prior to the 3-way, so
I'm curious how the 3-way is being completed for the data to be sent.
Jack
On 1/20/2011 4:46 PM, Tom Beecher wrote:
> I've received a couple of responses off list, and am now in touch with
> Akamai directly.
>
> I appreciate everyone's assistance.
>
> On 1/20/2011 4:04 PM, Tom Beecher wrote:
>> I'm looking for an Akamai contact to try and address a strange
>> situation.
>>
>> We have multiple sites across the country that aggregate 56k dialup
>> customers. Different sites are randomly experiencing inbound traffic
>> spikes that are overwhelming the uplinks to our carriers, causing DoS
>> situations. These spikes far exceed the bandwidth that could
>> possibly be used by the number of dialup customers connected. We've
>> been able to trace the source of the traffic to Akamai boxes, but so
>> far have been unable to reach anyone at Akamai to discuss the
>> situation. We're attempting to get payload information, but the
>> traffic volume is making it slow going setting up packet captures at
>> these sites remotely.
>>
>> Thanks in advance,
>>
>> Tom
>>
>
More information about the NANOG
mailing list