HaHaHa Akamaitechnologies Port Scan
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: HaHaHa Akamaitechnologies Port Scan

  1. #1
    () \/V |\| 3 |) |3\/ |\|3G47|\/3
    Join Date
    Sep 2002
    Posts
    744

    Talking HaHaHa Akamaitechnologies Port Scan

    I've run into irritating port scans by Akamaitechnologies before...but THIS TIME....I stopped them. I was just sitting here looking for a job and my firewall alerted me that it had stopped a port scan.

    Now I know they say they are just trying to make things better:
    Our company sometimes does some research on internet connectivity using pings. The goal of our research is to improve download times for end users.
    It's something to think about.
    Here is the link.
    I'm not sure I believe their intentions are THAT innocent.

    Here it is:
    ============================
    McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4165 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4166 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4171 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4172 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall blocked an attempt to attack your machine using a "Port Scan" attack. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4179 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4179 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall automatically blocked incoming traffic from IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 6 [TCP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall automatically blocked outgoing traffic to IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 6 [TCP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall automatically blocked outgoing traffic to IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 1 [ICMP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall automatically blocked outgoing traffic to IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 6 [TCP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall automatically blocked incoming traffic from IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 6 [TCP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    McAfee Firewall automatically blocked incoming traffic from IP address 239.255.255.250. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 17 [UDP]. The remote address associated with the traffic was 192.168.1.1. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".

    Go Finland!
    Deviant Gallery

  2. #2
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Hi mathgirl32,

    Indeed i have encountered very similar results in my firewall logs, with the addition that most of the times, akamai had established connections to my box on highports. Many attempts to block that have failed at first. When i dropped all packages from that specific ip, they connected again using another ip (one number up). My results on their servers looked like a honey pot at first. I had a hard time findig any info about them (not even netcraft could help). I believe too that its more to it than they claim. So far i have managed to block them (i dropped their whole ip range), but since they have so many servers around the globe, i read my logs incase i have to drop more ip ranges. The weird thing is......in the beginning, i had a firewall running that blocked all inccoming traffic (except related dns, http) and still there were established connections to my machine. I usually came across akamai after trying to login to msn chat, hotmail, yahoo mail, and yahoo chat. I will do the same thing, send them an email telling them to exclude me from their "probes".

    Thanx for posting this mathgirl32, as i think we will be hearing alot more from them in the future. This is an IMPORTANT issue, since from my point of view, it looks like privacy intrusion.

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  3. #3
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    while on the topic of firewalls, does anyone know any good Linux firewalls, i didnt get to many responces from a search engine, but any of you that use Linux maybe have one that you think is good or know where i can get one? (i like having more than one)
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #4
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Gore....


    In linux its better to setup your own firewall using iptables. I never recomend using a firewall out of the box. Its better to setup your rules manually (which also helps you understand and learn more about networking and protocols), and iptables is really good for that. It might take some time to read on how to use iptables, but its more than worth it. For info about iptables i would do a google on "iptables tutorials" I cant name a specific site on that since i have my tutorials as books. How ever, i have setup a linux firewall called devil-linux which is really a master piece. Have a look at their website. www.devil-linux.org That is if you have a LAN and are ready to dedicate a computer to act as a firewall. Again, devil linux runs on manually defined iptables rules. It runs of a live cd (no hardisk needed) so its read only and cannot be edited. Its not easy to setup, but its worth the trouble. My entire company and home network use this devil linux, and so far its really great. Give it a try.

    Good luck
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    Our company sometimes does some research on internet connectivity using pings. The goal of our research is to improve download times for end users.
    unfortunatly for us the download times they reffer to are the streaming media advertisments of their customers.

    Akamaitechnologies is the largest bandwith thief out there however most of the stuff that comes from them is in response a request from your browser. add this list to you hosts file:

    127.0.0.1 a209-247-153-150.deploy.akamaitechnologies.com
    127.0.0.1 akamaitechnologies.com
    127.0.0.1 a388.g.akamai.net
    127.0.0.1 a917.g.akamai.net
    127.0.0.1 a4.g.akamai.net
    127.0.0.1 yd.akamai.com #A (Address) 63.215.198.103
    127.0.0.1 ye.akamai.com #A (Address) 12.47.217.26
    127.0.0.1 yf.akamai.com #A (Address) 216.32.118.14
    127.0.0.1 yb.akamai.com #A (Address) 216.32.118.104
    127.0.0.1 yc.akamai.com #A (Address) 209.246.46.48
    127.0.0.1 yg.akamai.com #A (Address) 63.215.198.86
    127.0.0.1 yh.akamai.com #A (Address) 63.146.179.79
    127.0.0.1 access.akamai.com #A (Address) 80.67.70.18
    127.0.0.1 mx1.akamai.com #A (Address) 80.67.70.12
    127.0.0.1 mx2.akamai.com #A (Address) 80.67.70.14
    127.0.0.1 mx3.akamai.com #A (Address) 63.116.109.19
    127.0.0.1 EUR1.AKAM.NET #A (Address) 212.187.244.35
    127.0.0.1 EUR2.AKAM.NET #A (Address) 212.187.169.152
    127.0.0.1 NS1-137.AKAM.NET #A (Address) 193.108.91.137
    127.0.0.1 NS1-2.AKAM.NET #A (Address) 193.108.91.2
    127.0.0.1 NS1-3.AKAM.NET #A (Address) 193.108.91.3
    127.0.0.1 NS1-42.AKAM.NET #A (Address) 193.108.91.42
    127.0.0.1 USE1.AKAM.NET #A (Address) 65.163.234.133
    127.0.0.1 USE3.AKAM.NET #A (Address) 64.14.76.206
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    () \/V |\| 3 |) |3\/ |\|3G47|\/3
    Join Date
    Sep 2002
    Posts
    744
    Thanks for the info, Tedob1! Consider it done!!

    And, yes, Instronics....they ARE sneaky, aren't they?? I'll be keeping an eye on them.

    Go Finland!
    Deviant Gallery

  7. #7
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    Hi,

    I too have a weird thing to report from Akamai.
    There is prog that tries to access from my computer to destination DNS :

    a195-130-135-238.deploy.akamitechnologies.com or
    a195-130-135-237.deploy.akamitechnologies.com

    It's called LUCOM, en when I search this .exe , i find as result that this LiveUpdate
    prog would try to go to liveupdate from symantec.

    Is akamaitechnologies related to symantec or am i missing something.

    Anyone a clue ?
    Come and check out our wargame-site @ http://www.rootcontest.org
    We chat @ irc.smdc-network.org #lobby

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    130
    gore : If you want a program to set up an easy firewall for you on Linux I would recommend firestarter http://firestarter.sourceforge.net/

    it is very easy to set up and has quite good results as far as I can see. Give it a go, its free, you have nothing to loose

  9. #9
    Member
    Join Date
    May 2002
    Posts
    61
    Originally posted here by .: Shrekkie :.
    Hi,

    I too have a weird thing to report from Akamai.
    There is prog that tries to access from my computer to destination DNS :

    a195-130-135-238.deploy.akamitechnologies.com or
    a195-130-135-237.deploy.akamitechnologies.com

    It's called LUCOM, en when I search this .exe , i find as result that this LiveUpdate
    prog would try to go to liveupdate from symantec.

    Is akamaitechnologies related to symantec or am i missing something.

    Anyone a clue ?
    Sometimes (mainly in the past), when I download McAfee AV updates, it downlaods from an akamai server...

  10. #10
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Also IE is related to that. Its one of the processes that was connected to akamai (although i had no browsers open at that time. Odd huh?
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •