George the Hamster

Just another WordPress.com weblog


Akamai Technologies: Leave Me Alone!

Posted by George the Hamster on October 16, 2007

I’m a good little web user, at least I think so. I mind my P’s and Q’s, stay away from downloading movies and music that will earn me attention from the MPAA and RIAA, and I steer clear of the sometimes questionable content available on the interwebs.

So, I was surprised one day to boot my home computer and immediately receive several dozen firewall alerts that an IP claiming to be “i2.microsoft.com” was attempting to access my VPC (Virtual PC).

[Image: akamaiconnection.jpg]

For a moment, I entertained the thought of allowing the connection; being an almost brand new install of the VPC client, I thought it may have been standard procedure to check back with Microsoft for software updates.

But then the IP seemed a bit strange. I knew Microsoft usually operated in the high 190’s to low 200’s of the IP subnet, with the occasional bounce into the mid 60’s. But this IP started with 72.246.x.x. Intrigued, I ran a WHOIS and was surprised to come up with the following listing masquerading as a Microsoft connection:

OrgName: Akamai Technologies
OrgID: AKAMAI
Address: 8 Cambridge Center
City: Cambridge
StateProv: MA
PostalCode: 02142
Country: US

NetRange: 72.246.0.0 – 72.247.255.255
CIDR: 72.246.0.0/15
NetName: AKAMAI-ARIN-1
NetHandle: NET-72-246-0-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: ACCESS.AKAMAI.COM
NameServer: YA.AKAMAI.COM
Comment:
RegDate: 2005-03-14
Updated: 2007-03-14

RNOCHandle: NF81-ARIN
RNOCName: Freedman, Noam
RNOCPhone: +1-617-938-3130
RNOCEmail: noam+arin@akamai.com

OrgTechHandle: NF81-ARIN
OrgTechName: Freedman, Noam
OrgTechPhone: +1-617-938-3130
OrgTechEmail: noam+arin@akamai.com

# ARIN WHOIS database, last updated 2007-10-14 19:10

Seeing as how ARIN said the entry was updated the very day I got these connection attempts, I was fairly certain of my information.

So then that leads me to one question: who the heck are Akamai and why would they need to be sending connection requests to my VPC??

After a bit of research, it seems that Akamai is some sort of hosting and “internet content caching” company, who will host and serve such things as massive amounts of pictures or applications for heavy traffic sites such as Yahoo and, in this case, Microsoft. What exactly constitutes “internet content caching” is beyond me, but it sounds too much like keeping records you really should not be keeping.

I apparently was not alone in wondering why Akamai was giving my firewall tizzies; Ask Leo had a somewhat similar incident posted to their site.

When a site is “Akamaized”, requests for certain content go through different servers instead of the host site you’re connecting to. You the user end up playing the middle man as your browser does an about-face and begins pulling content from other servers besides the site you’re visiting. Usually, this happens seamlessly behind the scenes; but in some cases, whatever process Akamai uses to have you download content terminates unexpectedly, and you, or someone unfortunate enough to snag your IP address, begin to be bombarded with phony connection attempts and activity vaguely reminiscent of port scanning and network mapping.

Akamai still makes press after all these allegations, with news of Windows Updates hosted by them turning around and sending encrypted connection attempts back to client machines, and vulnerabilities that allow hackers to take over and control an Akamai Manager suite.

So, is Akamai just in trying to connect to my VPC? Whether they are or are not well within their rights to randomly access network services on my computer (which I highly doubt), I don’t want anyone I’ve never heard of and never done business with in my computer.

So, leave me alone, Akamai! Go do your “market research” on someone else’s computer.
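One way to triage alerts like these, as an added example that is not part of the original post: it checks each blocked inbound packet against the CIDR from the WHOIS record above and against earlier outbound connections from the same machine, separating late packets on sessions the machine itself opened from traffic nothing on the machine asked for. The log layout, the 600-second window and the sample log lines are constructed for illustration.

```python
import ipaddress

AKAMAI_NET = ipaddress.ip_network("72.246.0.0/15")  # CIDR from the WHOIS record above
STALE_WINDOW = 600  # seconds; assumed tolerance for late packets of a closed session

# Constructed log; the "time action dir proto src dst" layout is hypothetical.
SAMPLE_LOG = """\
1000 ALLOW OUT TCP 192.168.1.20:49152 72.246.10.5:80
1125 BLOCK IN TCP 72.246.10.5:80 192.168.1.20:49152
1130 BLOCK IN TCP 72.246.10.5:80 192.168.1.20:49152
1200 BLOCK IN TCP 72.247.146.10:80 192.168.1.20:50001
1210 BLOCK IN TCP 203.0.113.9:4444 192.168.1.20:445
2000 BLOCK IN TCP 72.246.10.5:80 192.168.1.20:49152
"""

def parse(line):
    """Split one log line into (time, action, direction, proto, src, dst)."""
    ts, action, direction, proto, src, dst = line.split()
    return int(ts), action, direction, proto, src, dst

def triage(log_text, window=STALE_WINDOW):
    """Classify each blocked inbound packet; returns a list of result dicts."""
    outbound = {}  # (proto, local, remote) -> time of last allowed outbound packet
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, direction, proto, src, dst = parse(line)
        if action == "ALLOW" and direction == "OUT":
            outbound[(proto, src, dst)] = ts
        elif action == "BLOCK" and direction == "IN":
            # Reverse the tuple: did this machine talk to that remote endpoint first?
            last = outbound.get((proto, dst, src))
            stale = last is not None and 0 <= ts - last <= window
            remote_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
            results.append({
                "time": ts,
                "remote": src,
                "verdict": "stale-reply" if stale else "unsolicited",
                "in_akamai_range": remote_ip in AKAMAI_NET,
            })
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

A "stale-reply" verdict only says the machine contacted that endpoint first; an "unsolicited" packet from inside the range still deserves the same scrutiny as one from anywhere else.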

7 Responses to “Akamai Technologies: Leave Me Alone!”

  1. Akamai is a Content Delivery Network. Big sites like Yahoo/Microsoft/Myspace use them to reduce the load on their own servers. Companies like Akamai place servers close to users around the world and deliver static content or big files to you. Why get your images, web pages, and videos from Microsoft in Washington when you can get them quicker from a CDN server closer to your location?

    See: http://en.wikipedia.org/wiki/Content_delivery_network

  2. Thanks for the clarification, Chris!

  3. [...] more interestingly, the Firefox NoScript addon had blocked a script from Akamai. There’s Akamai again, tho this time I’m sure they’re just hosting Yahoo’s [...]

  5. termites all over you! said

    hi,

    i’m pretty sure that Akamai executes this situation by offering “freeware” like Call Alert. I caught it with WinSonar. Don’t know if it’s necessarily bad, but they are tracking what people look at, probably for marketing purposes. They are compiling a database of browser user history. You probably agree to allow this when you download the “freeware”. Don’t worry, i’m going to start screwing with them, just for fun, to see what i can come up with. It is interesting.

  6. CultureOfOne said

    I’m responding by quoting/paraphrasing from another post I made elsewhere on the net. I first noticed this with eBay and PayPal in February 2008. As near as I can tell, something changed in the way these sites were served/hosted around that time. I tried to get them to investigate it, but they said it must be just me. After much investigation, I discovered it was an issue with my firewall, or more accurately, with the systematic bombardment of my firewall: for every static file downloaded from Akamai, an attempt is made to breach the firewall. The intent of this, as far as I can tell, is a load-balancing measure; in an effort to see which server responds fastest, it will send a packet of data to the user’s computer from each of its servers and see which one bounces back quickest. The trouble is, with a firewall, the packet doesn’t bounce – it sticks, intercepted by the firewall – and when nothing comes back, Akamai will continuously make attempt after attempt instead of simply choosing a server at random (or by some other criteria). Norton Personal Firewall views these as “suspicious activity” and won’t let them through, nor will it dignify them with a response. Presumably other firewalls will react similarly. The end result: any site with Akamai multi-server hosting (eBay, PayPal, YouTube, Yahoo, HomeDepot, and the list goes on) will either load REALLY slowly (if only part of the static content eg images, secure content, etc. is hosted over multiple servers by Akamai) or time out entirely (if the whole site is hosted this way) as Akamai makes hundreds if not thousands of attempts to breach the firewall for a single page download. As examples, using my high-speed connection, an eBay login takes over 25 minutes, PayPal login is virtually impossible (because the login times out before I can reach the next screen), and YouTube videos never load.

    It should be possible to make adjustments to the firewall to compensate. The sad fact is, the behaviour is unpredictable from a firewall perspective, making the adjustments nearly impossible, not to mention ill-advised. Since the bombardment rotates through sequential ports, all of them outside of the regularly used range, there is no way to open a specific port to them. You could create a gap in the firewall for all Akamai IP addresses, but that’s a pretty big vulnerability, and (as I have discovered) not entirely effective. If you’re really desperate, you can always drop the firewall momentarily and make an attempt, raising it again as soon as possible, but given the amount of spyware out there, you might as well dump the firewall entirely and open yourself up to invasion!

    I’m still investigating to see if I can find a better client-side solution. The only true permanent solution I can see to the problem is to pressure Akamai to change the way they do server load balancing. If they just used a standard ping, and did it ONCE PER SERVER, imagine how much faster things would run. Even if they could write a subroutine to handle lack of response (eg: just pick the least active server, regardless of distance), then things would run far more smoothly.

    So, how do we petition Akamai to fix this? Ironically, I attempted to access their website to register a complaint, but it timed out ;)

  7. DARK said

    42.378N, 71.133W AKAMAI-ARIN-1 8 Appleton St, Cambridge, MA, United States a72-247-146-10.deploy.akamaitechnologies.com
