RE: [squid-users] AKAMAI.NEt showing up in Squid Logs

>> > -----Original Message-----
>> > From: Hunter, Jess [mailto:JHunter@SPFLDSPARC.ORG]
>> > Sent: Friday, February 04, 2005 8:44 AM
>> > To: squid-users@squid-cache.org
>> > Subject: [squid-users] AKAMAI.NEt showing up in Squid Logs
>> >
>> >
>> > After reviewing my squid logs I noticed that one of the users kept
>> access
>> > the following site: a248.e.akamai.net:443. I ran Anti-virus and Spybot
>> S&D
>> > but it did not show anything on the workstation. I have tried to
>> research
>> > the removal of this errant cache service and cannot find any removal
>> > instructions. I know this is a little off topic, but has anyone else
>> had
>> > this same issue pop up in there Squid logs and if you have, how did you
>> > correct it.
>> >
>> > Thanks In Advance
>> -----Original Message-----
>> From: Chris Robertson [SMTP:crobertson@gci.com]
>> Sent: Friday, February 04, 2005 12:22 PM
>> To: squid-users@squid-cache.org
>> Subject: RE: [squid-users] AKAMAI.NEt showing up in Squid Logs
>>
>>
>> I'm not sure if you are aware, but akamai is a distributed caching
service
>> that a lot of sites and ISPs use to distribute content. An example is
>> Apple.com's movie trailers. It would not surprise me if one of the
larger
>> banks (or something like eBay) is using akamai to serve images for their
>> secure pages. If you want to block this request, something like the
>> following should work (assuming you have the CONNECT method acl still in
>> your squid.conf):
>>
>> acl akamai dst_domain .akamai.net
>> http_access deny CONNECT akamai
>>
>> This will block all secure requests to akamai. Be ready for calls if you
>> implement this.
>>
>> Chris
>>
>> --
>> No virus found in this incoming message.
>> Checked by AVG Anti-Virus.
>> Version: 7.0.300 / Virus Database: 265.8.5 - Release Date: 2/3/2005
>>
>>
> -----Original Message-----
> From: Hunter, Jess [mailto:JHunter@SPFLDSPARC.ORG]
> Sent: Friday, February 04, 2005 10:02 AM
> To: Chris Robertson; squid-users@squid-cache.org
> Subject: RE: [squid-users] AKAMAI.NEt showing up in Squid Logs
>
>
> I knew they did some sort of caching. My concern is that there may be
> something errantly installed on the workstation that I cannot locate. Out
> of 247 Views, 45 of them are to websites while the remaining 202 are to
the
> AKAMAI server. So it seems like there is some sort of application that is
> hammering that specific server.
>
> Still trying to glean more knowledge on this.
>
> Thanks,
>
> Jess
>

Hmmm... Old akamai vulnerability: http://diswww.mit.edu/menelaus/bt/17272

Still seems to work, actually... Very interesting.

Chris
Received on Fri Feb 04 2005 - 12:21:24 MST