Akamai

Discussion in 'privacy general' started by Patrice, May 20, 2003.

Thread Status:
Not open for further replies.
  1. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hello everyone,

    My firewall blocks some packets from time to time. When I inspected them a little bit more seriously, I found out the following:

    a195-49-93-216.deploy.akamaitec=195.49.93.216

    They are all coming from this address here:

    http://www.akamai.com/

    Somewhere on their site they say, that they try to make the internet faster & better. But why they ping the whole IP addresses I don't know. Anyone of you made this experience as well? Actually I don't like that at all! :mad:

    And last but not least, this doesn't happen, because I visited a site they host! No, just when I start up my PC this can happen as well...

    Any clues?

    Best regards,

    Patrice
     
  2. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Mhh... I might have found the problem, check out this network sniffing:

    0000:47 45 54 20 2F 6E 61 76 GET /nav
    0008:6E 74 5F 39 2E 30 35 5F nt_9.05_
    0010:67 65 72 6D 61 6E 5F 6C german_l
    0018:69 76 65 74 72 69 2E 7A ivetri.z
    0020:69 70 20 48 54 54 50 2F ip HTTP/
    0028:31 2E 30 0D 0A 41 63 63 1.0..Acc
    0030:65 70 74 3A 20 2A 2F 2A ept: */*
    0038:0D 0A 49 66 2D 4D 6F 64 ..If-Mod
    0040:69 66 69 65 64 2D 53 69 ified-Si
    0048:6E 63 65 3A 20 54 68 75 nce: Thu
    0050:2C 20 30 31 20 4D 61 79 , 01 May
    0058:20 32 30 30 33 20 31 38 2003 18
    0060:3A 32 36 3A 32 33 20 47 :26:23 G
    0068:4D 54 0D 0A 43 61 63 68 MT..Cach
    0070:65 2D 43 6F 6E 74 72 6F e-Contro
    0078:6C 3A 20 6D 61 78 2D 61 l: max-a
    0080:67 65 3D 30 0D 0A 55 73 ge=0..Us
    0088:65 72 2D 41 67 65 6E 74 er-Agent
    0090:3A 20 53 79 6D 61 6E 74 : Symant
    0098:65 63 20 4C 69 76 65 55 ec LiveU
    00A0:70 64 61 74 65 0D 0A 48 pdate..H
    00A8:6F 73 74 3A 20 6C 69 76 ost: liv
    00B0:65 75 70 64 61 74 65 2E eupdate.
    00B8:73 79 6D 61 6E 74 65 63 symantec
    00C0:6C 69 76 65 75 70 64 61 liveupda
    00C8:74 65 2E 63 6F 6D 0D 0A te.com..
    00D0:43 6F 6E 6E 65 63 74 69 Connecti
    00D8:6F 6E 3A 20 4B 65 65 70 on: Keep
    00E0:2D 41 6C 69 76 65 0D 0A -Alive..
    00E8:50 72 61 67 6D 61 3A 20 Pragma:
    00F0:6E 6F 2D 00 00 00 00 00 no-.....
    00F8:00 00 00 00 ....

    And guess what, the address destination is:

    a195-49-93-216.deploy.akamaitec=195.49.93.216

    So, this means, it is MY computer, which sends this signal out to them. It seems that they host the Symantec Updates.

    Problem solved! ;)

    Best regards,

    Patrice
     
  3. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    They host lots more than only Symantec.

    The ping is required to decide wich server is closest to you so that this nearest site can serve you, which in fact does enhance the performance a bit.

    No big deal I suppose. On my Snort equipped server the Akamai pings are among the most detected events.
     
Thread Status:
Not open for further replies.