Akamai “War” Stories Bruce Maggs.


Akamai’s First Network Connection
- We moved into our offices at 201 Broadway at midnight, December 1, 1998, and built our first cluster that night.
- An important potential investor was coming to visit on December 2.
- But our Internet service provider didn’t show up on December 1!
- We had to engineer a solution!

Lost in Space
- The most worrisome attack we ever faced:
- One of our servers was receiving properly authenticated messages from an unknown host
- Fortunately, the messages were not formatted properly and were discarded
- After two days of investigation, we discovered that the “attacker” was an old Akamai server that we had lost track of
- It had been sending these messages for months!

David is a Night Owl
- Your servers aren’t responding!
- Why don’t you support half-closed connections?
- Why don’t you support “transactional” TCP?
- (Why would transactional TCP be bad for Akamai?)

The Dreaded Double Header
- http://images.xyz.com/logo.gif - customer has delegated images.xyz.com to Akamai, registered image server
- http://images.xyz.com/images.xyz.com/logo.gif - didn’t work for Dave, but worked for me!
- Akamai server strips off first header, sends GET /images.xyz.com/logo.gif to customer image server
- 5 of 8 customer image servers had been patched to ignore /images.xyz.com

Steve can’t see the new Powerbook
- Steve’s assistant Eddie explains the problem
- I spend all night poring through the logs
- Eddie sneaks into Steve’s office
- Mystery solved

Packet of Death
- Akamai servers take care of each other
- A router in Malaysia is taking down our whole system!
- The mysterious 570-byte MTU
- The “final” Linux kernel isn’t so final
- 2.0.36 (Nov. 1998) → 2.0.37 (June 1999)

The “Magg Syndrome”
- We “hijack” a customer’s site?
- I become the most hated person on the Internet
- We isolate the problem (nine months of work)
- Nobody cares?

Don’t do this at home
- Irate end user threatens to go to police
- Akamai is attacking my home system! It’s in the logs.
- It all began in a Yahoo! chat room
- Have your lawyers call our lawyers

BIND Miseries
- Open-source DNS server code
- Messy, buggy implementations
- Our customers still run old versions!
- BIND 4.8 TTL issue
  - Refresh attempt when 15 minutes left
  - Success if new list of IP’s overlaps with old list of IP’s
  - Otherwise, refuse to resolve for next 15 minutes!
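
The BIND 4.8 TTL rules on this slide, modelled as an added example (not code from the talk, from Akamai or from BIND). The class name, the `unsafe_rotations` helper, the sample addresses and the behaviour after the refusal period ends are assumptions made for illustration; the helper flags steps in an IP rotation plan that would trigger the 15-minute refusal on such resolvers.

```python
# Added model of the slide's BIND 4.8 behaviour; not BIND source code.
REFRESH_WINDOW = 15 * 60  # seconds: "refresh attempt when 15 minutes left"


class OldResolverModel:
    """Cache entry for one name, following the three rules on the slide."""

    def __init__(self, ips, ttl, now=0):
        self.ips = set(ips)
        self.expires = now + ttl
        self.refused_until = None  # set while the resolver refuses to answer

    def resolve(self, now, authoritative_ips, ttl):
        """Return the IP set given to the client, or None while refusing."""
        if self.refused_until is not None:
            if now < self.refused_until:
                return None
            # Assumption: after the refusal period the name is fetched afresh.
            self.refused_until = None
            self.ips, self.expires = set(authoritative_ips), now + ttl
            return set(self.ips)
        if self.expires - now <= REFRESH_WINDOW:
            new = set(authoritative_ips)
            if new & self.ips:          # overlap: refresh succeeds
                self.ips, self.expires = new, now + ttl
            else:                       # disjoint: 15-minute outage
                self.refused_until = now + REFRESH_WINDOW
                return None
        return set(self.ips)


def unsafe_rotations(schedule):
    """Indexes of steps that share no IP with the step before them."""
    return [i for i in range(1, len(schedule))
            if not set(schedule[i]) & set(schedule[i - 1])]


# Constructed rotation plan using documentation addresses (RFC 5737).
PLAN = [["192.0.2.1", "192.0.2.2"],
        ["192.0.2.2", "192.0.2.3"],
        ["198.51.100.7"]]

if __name__ == "__main__":
    r = OldResolverModel(PLAN[0], ttl=3600)
    print(r.resolve(2800, PLAN[1], 3600))   # overlapping list: accepted
    print(r.resolve(5600, PLAN[2], 3600))   # disjoint list: refused
    print("steps needing an overlap:", unsafe_rotations(PLAN))
```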