[71511] in North American Network Operators' Group
Re: Akamai an Inside Job?
daemon@ATHENA.MIT.EDU (Brian Mulvaney)
Wed Jun 16 12:42:43 2004
Date: Wed, 16 Jun 2004 09:41:45 -0700
To: nanog@merit.edu
From: Brian Mulvaney <brianm@rain.com>
Errors-To: owner-nanog-outgoing@merit.edu
At 08:23 AM 6/16/2004, David Kennedy CISSP wrote:
>http://www.overclockersclub.com/?read=8733819
>
>The Akamai attacks started in the morning and it was detected by
>Keynote Systems, a web tracking company that is able to track the load
>and bandwidth on the Internet. According to Keynote they saw
>an "Internet performance issue" this morning
Keynote's primary business model is measuring the performance and
availability of public web sites as seen from a distributed network of
synthetic probes. They don't offer any services that "track the load and
bandwidth on the Internet". Here's what their public/PR type email alert
said on the matter yesterday:
Keynote Internet Performance Alert
Starting at approximately 5:30am PDT today, a major Internet performance
issue was detected by Keynote systems. By 6:00am, the availability of the
Keynote Business 40 Internet Performance Index had dropped from its usual
near-100% availability to 81% availability:
<http://keynote.lyris.net/t/4086/732513/23/0/>http://web507.keynote.com/mykeynote/Post/KB40data_061504_085844.asp
Further analysis by Keynote indicated that the availability issues were
limited to several large sites, all of whom outsource their DNS services to
Akamai. These sites dropped to near-zero availability:
<http://keynote.lyris.net/t/4086/732513/24/0/>http://web507.keynote.com/mykeynote/Post/KB40data_061504_090509.asp
Availability was largely restored by approximately 7:45am PDT.
>...
>They have tracked the attacker back to person that is at the Akamai
>Technologies ISP. No other information has been given to us at this
>time. We do not know if the FBI is working on this issue right now, but
>we expect them to do so.
>
>[DMK: Source, beyond overclockers, unknown, reliability and accuracy unknown.]
That's nonsense David. Keynote measurements can distinguish between
availability problems caused by DNS outages versus those caused by
connectivity or site outages. They manifestly don't track attackers.
Brian Mulvaney
