-
January 11th, 2003, 11:06 PM
#1
HaHaHa Akamaitechnologies Port Scan
I've run into irritating port scans by Akamaitechnologies before...but THIS TIME....I stopped them. I was just sitting here looking for a job and my firewall alerted me that it had stopped a port scan.
Now I know they say they are just trying to make things better:
Our company sometimes does some research on internet connectivity using pings. The goal of our research is to improve download times for end users.
It's something to think about.
Here is the link.
I'm not sure I believe their intentions are THAT innocent.
Here it is:
============================
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4165 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4166 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4171 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4172 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall blocked an attempt to attack your machine using a "Port Scan" attack. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4179 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4179 [ephemeral]. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall automatically blocked incoming traffic from IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 6 [TCP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall automatically blocked outgoing traffic to IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 6 [TCP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall automatically blocked outgoing traffic to IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 1 [ICMP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall automatically blocked outgoing traffic to IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 6 [TCP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall automatically blocked incoming traffic from IP address 209.247.153.150. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 6 [TCP]. The remote address associated with the traffic was 209.247.153.150. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
McAfee Firewall automatically blocked incoming traffic from IP address 239.255.255.250. You have configured McAfee Firewall to always block traffic to or from this address. The IP protocol type was 17 [UDP]. The remote address associated with the traffic was 192.168.1.1. The network adapter for the traffic was "Instant Wireless Network PC Card V3.0".
-
January 17th, 2003, 09:41 AM
#2
Hi mathgirl32,
Indeed I have encountered very similar results in my firewall logs, with the addition that most of the time, akamai had established connections to my box on high ports. Many attempts to block that failed at first. When I dropped all packages from that specific IP, they connected again using another IP (one number up). My results on their servers looked like a honey pot at first. I had a hard time finding any info about them (not even netcraft could help). I believe too that there's more to it than they claim. So far I have managed to block them (I dropped their whole IP range), but since they have so many servers around the globe, I read my logs in case I have to drop more IP ranges. The weird thing is... in the beginning, I had a firewall running that blocked all incoming traffic (except related dns, http) and still there were established connections to my machine. I usually came across akamai after trying to log in to msn chat, hotmail, yahoo mail, and yahoo chat. I will do the same thing, send them an email telling them to exclude me from their "probes".
Thanks for posting this mathgirl32, as I think we will be hearing a lot more from them in the future. This is an IMPORTANT issue, since from my point of view, it looks like privacy intrusion.
Cheers.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
-
January 17th, 2003, 10:57 AM
#3
While on the topic of firewalls, does anyone know any good Linux firewalls? I didn't get too many responses from a search engine, but any of you that use Linux maybe have one that you think is good or know where I can get one? (I like having more than one)
-
January 17th, 2003, 12:31 PM
#4
Gore....
In Linux it's better to set up your own firewall using iptables. I never recommend using a firewall out of the box. It's better to set up your rules manually (which also helps you understand and learn more about networking and protocols), and iptables is really good for that. It might take some time to read up on how to use iptables, but it's more than worth it. For info about iptables I would do a google on "iptables tutorials". I can't name a specific site on that since I have my tutorials as books. However, I have set up a Linux firewall called devil-linux which is really a masterpiece. Have a look at their website: www.devil-linux.org. That is if you have a LAN and are ready to dedicate a computer to act as a firewall. Again, devil linux runs on manually defined iptables rules. It runs off a live CD (no hard disk needed) so it's read only and cannot be edited. It's not easy to set up, but it's worth the trouble. My entire company and home network use this devil linux, and so far it's really great. Give it a try.
Good luck
-
January 18th, 2003, 01:31 AM
#5
Our company sometimes does some research on internet connectivity using pings. The goal of our research is to improve download times for end users.
Unfortunately for us the download times they refer to are the streaming media advertisements of their customers.
Akamaitechnologies is the largest bandwidth thief out there, however most of the stuff that comes from them is in response to a request from your browser. Add this list to your hosts file:
127.0.0.1 a209-247-153-150.deploy.akamaitechnologies.com
127.0.0.1 akamaitechnologies.com
127.0.0.1 a388.g.akamai.net
127.0.0.1 a917.g.akamai.net
127.0.0.1 a4.g.akamai.net
127.0.0.1 yd.akamai.com #A (Address) 63.215.198.103
127.0.0.1 ye.akamai.com #A (Address) 12.47.217.26
127.0.0.1 yf.akamai.com #A (Address) 216.32.118.14
127.0.0.1 yb.akamai.com #A (Address) 216.32.118.104
127.0.0.1 yc.akamai.com #A (Address) 209.246.46.48
127.0.0.1 yg.akamai.com #A (Address) 63.215.198.86
127.0.0.1 yh.akamai.com #A (Address) 63.146.179.79
127.0.0.1 access.akamai.com #A (Address) 80.67.70.18
127.0.0.1 mx1.akamai.com #A (Address) 80.67.70.12
127.0.0.1 mx2.akamai.com #A (Address) 80.67.70.14
127.0.0.1 mx3.akamai.com #A (Address) 63.116.109.19
127.0.0.1 EUR1.AKAM.NET #A (Address) 212.187.244.35
127.0.0.1 EUR2.AKAM.NET #A (Address) 212.187.169.152
127.0.0.1 NS1-137.AKAM.NET #A (Address) 193.108.91.137
127.0.0.1 NS1-2.AKAM.NET #A (Address) 193.108.91.2
127.0.0.1 NS1-3.AKAM.NET #A (Address) 193.108.91.3
127.0.0.1 NS1-42.AKAM.NET #A (Address) 193.108.91.42
127.0.0.1 USE1.AKAM.NET #A (Address) 65.163.234.133
127.0.0.1 USE3.AKAM.NET #A (Address) 64.14.76.206
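Added example, not part of any post in this thread: a small Python triage of alerts in the McAfee format quoted in post #1, separating packets that arrive from one fixed service port (80) onto local ephemeral ports, which is what replies to browser-initiated connections look like, from probes against local service ports. The sample log is constructed (192.0.2.77 is a documentation address), the threshold and verdict names are assumptions, and a fixed source port is only a triage hint because a sender can choose it.

```python
import re
from collections import defaultdict

# Constructed sample: the first four lines follow the alerts quoted in post #1;
# the 192.0.2.77 lines are invented for contrast.
SAMPLE_LOG = """\
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4165 [ephemeral].
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4166 [ephemeral].
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4171 [ephemeral].
McAfee Firewall blocked an attempt to attack your machine using a "Port Scan" attack. The remote address associated with the traffic was 209.247.153.150. The remote port was 80 [HTTP]. The local port on your PC was 4179 [ephemeral].
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 192.0.2.77. The remote port was 31022 [ephemeral]. The local port on your PC was 21 [FTP].
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 192.0.2.77. The remote port was 31023 [ephemeral]. The local port on your PC was 23 [Telnet].
McAfee Firewall blocked an incoming TCP packet. The remote address associated with the traffic was 192.0.2.77. The remote port was 31024 [ephemeral]. The local port on your PC was 25 [SMTP].
"""

EVENT_RE = re.compile(
    r"remote address associated with the traffic was (?P<ip>\d+(?:\.\d+){3})\. "
    r"The remote port was (?P<rport>\d+) \[[^\]]*\]\. "
    r"The local port on your PC was (?P<lport>\d+)"
)

SERVICE_PORT_MAX = 1023  # well-known service ports
SCAN_MIN_PORTS = 3       # assumed threshold: distinct local service ports probed


def parse_events(text):
    """Return (remote_ip, remote_port, local_port) for each alert naming both ports."""
    return [(m["ip"], int(m["rport"]), int(m["lport"])) for m in EVENT_RE.finditer(text)]


def classify(events):
    """Give one verdict per remote address based on the port pattern it produced."""
    by_ip = defaultdict(lambda: (set(), set()))
    for ip, rport, lport in events:
        by_ip[ip][0].add(rport)
        by_ip[ip][1].add(lport)
    verdicts = {}
    for ip, (rports, lports) in by_ip.items():
        probed_services = {p for p in lports if p <= SERVICE_PORT_MAX}
        if len(rports) == 1 and max(rports) <= SERVICE_PORT_MAX and not probed_services:
            # One fixed server port talking to our high ports: reply-shaped traffic.
            verdicts[ip] = "reply-traffic"
        elif len(probed_services) >= SCAN_MIN_PORTS:
            verdicts[ip] = "possible-scan"
        else:
            verdicts[ip] = "unclassified"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify(parse_events(SAMPLE_LOG)).items():
        print(ip, verdict)
```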
-
January 19th, 2003, 09:36 PM
#6
Thanks for the info, Tedob1! Consider it done!!
And, yes, Instronics....they ARE sneaky, aren't they?? I'll be keeping an eye on them.
-
January 24th, 2003, 01:53 PM
#7
Hi,
I too have a weird thing to report from Akamai.
There is a prog that tries to access from my computer to destination DNS:
a195-130-135-238.deploy.akamitechnologies.com or
a195-130-135-237.deploy.akamitechnologies.com
It's called LUCOM, and when I search this .exe, I find as result that this LiveUpdate
prog would try to go to liveupdate from symantec.
Is akamaitechnologies related to symantec or am I missing something?
Anyone a clue ?
-
January 24th, 2003, 02:27 PM
#8
gore: If you want a program to set up an easy firewall for you on Linux I would recommend firestarter http://firestarter.sourceforge.net/
It is very easy to set up and has quite good results as far as I can see. Give it a go, it's free, you have nothing to lose.
-
February 3rd, 2003, 06:18 PM
#9
Originally posted here by .: Shrekkie :.
Hi,
I too have a weird thing to report from Akamai.
There is a prog that tries to access from my computer to destination DNS:
a195-130-135-238.deploy.akamitechnologies.com or
a195-130-135-237.deploy.akamitechnologies.com
It's called LUCOM, and when I search this .exe, I find as result that this LiveUpdate
prog would try to go to liveupdate from symantec.
Is akamaitechnologies related to symantec or am I missing something?
Anyone a clue ?
Sometimes (mainly in the past), when I download McAfee AV updates, it downloads from an akamai server...
-
February 3rd, 2003, 06:24 PM
#10
Also IE is related to that. It's one of the processes that was connected to akamai (although I had no browsers open at that time). Odd huh?