Akamai -current DDoS attack? -affects Symantec/TrendMicro

AplusWebMaster · Sergeant Joined: Mar 14, 2004 Posts: 124 Location: USA

FYI...from the Internet Storm Center:

- http://isc.sans.org/diary.php?date=2004-05-23
Updated May 24th 2004 15:21 UTC
"It appears that websites that use Akamai's distribution system are currently not reachable. Security related web sites effected are symantec.com and trendmicro.com. Virus updates may fail as a result. Further details are currently not available and updates will be posted here as they become available...According to a post to NANOG, the outage may be the result of a DDOS attack. At this point, Akamai has no ETA for a resolution..."

Sad

AplusWebMaster · Sergeant Joined: Mar 14, 2004 Posts: 124 Location: USA

FYI...

- http://isc.sans.org/diary.php?date=2004-05-23
"...Akamai posted this statement: "Due to a peering problem between ATT and UUNet, a subset of UUNet users may have experienced problems accessing Akamai delivered sites between 8-10pm EDT on Saturday May 22, 2004. The problem has been fully resolved..."

(...so they say, but intermittent problems accessing www.sarc.com and www.trendmicro.com appear to remain...)

AplusWebMaster · Sergeant Joined: Mar 14, 2004 Posts: 124 Location: USA

FYI...from the Internet Storm Center:

Akamai Problems...
- http://isc.sans.org/diary.php?date=2004-05-24
Updated May 25th 2004 03:17 UTC
"Akamai, the largest of the large scale content delivery services was not delivering content earlier today. According to a post from Akamai: "An isolated issue occurred this morning (roughly during the period of 8:00 a.m. - 9:30 a.m. ET), where multiple Akamai customers experienced intermittent performance and availability degradation. This degradation was the result of a bug within one of Akamais backend content control management tools, which allows the expiration of content on the Akamai network. The degradation was not a result of any outside interference with Akamais network (such as Denial of Service or hacking). Upon identification of the bug, Akamai quickly took corrective action which returned customers to normal service levels. Akamai is currently putting measures in place to return the content management tool to its normal working order and is adding safeguards such that the issue will not occur in the future. In the meantime, Akamai customers are able to serve their content through the Akamai Network normally."

So, although it sounds like the rollout of a new version of an internal tool caused them to essentially DoS themselves, things seem to be all better now..."

Question

AplusWebMaster · Sergeant Joined: Mar 14, 2004 Posts: 124 Location: USA

FYI...

- http://www.computerworld.com/printthis/...27,00.html
MAY 25, 2004
"...The tool in question allows Akamai customers to specify how long Web site content hosted on Akamai's global server network should remain before being updated. Once Akamai staff determined the cause of the problem, they disabled that tool and the performance of the customer sites returned to normal. Akamai declined to comment on how many servers or customers were affected, citing company policy not to name customers, Young said. The company is working to restore the content management tool to service and is putting measures in place to prevent future outages."

jvmorris · Posted: Wed May 26, 2004 4:48 pm Post subject:

I know you've been following this Akamai problem rather closely and keeping us informed of its progress and I appreciate that.

I'm now beginning to wonder if the occurrence of this problem and then the propagation of a fix may not have had serious, inconsistent consequences for NIS/NPF 2002 users looking for LiveUpdates to correct a problem associated with the 12 May LiveUpdate.

Specifically, have you run across anything that identifies when this problem first surfaced? Next question: Any information you've run across on the progress of the Akamai fix? We've got some NIS/NPF 2002 users who are apparently finding fixes for the 12 May glitch and others who are finding absolutely nothing. To me, that suggests that some of the Akamai servers (possibly up until sometime on 25 May) had not yet had the revised Liveupdate propagated to them.

Thanks for any enlightenment you can shed on this issue.

AplusWebMaster · Sergeant Joined: Mar 14, 2004 Posts: 124 Location: USA

Way too much "Marketing" and "Company Policy" involved, which gets in the way of the facts, apparently.
Sad

However, I did get my NAV LiveUpdate for 5/26/2004 about an hour ago OK.
Confused

EDIT/ADD: An occasional "look-see" here might be helpful -> http://www.internetpulse.com/
Wink

jvmorris · Posted: Wed May 26, 2004 6:04 pm Post subject:

Danke, here's why I was asking.

This involves the NIS/NPF 2002 fiasco, based on various inputs. Different individuals have different versions of this file (but 'new' ones now seem to be appearing -- only people are getting skittish).

AplusWebMaster · Sergeant Joined: Mar 14, 2004 Posts: 124 Location: USA

Possibly related to this?

- http://www.sarc.com/avcenter/security/C...05.12.html

Question

jvmorris · Posted: Wed May 26, 2004 6:37 pm Post subject:

AplusWebMaster · Sergeant Joined: Mar 14, 2004 Posts: 124 Location: USA

Where have you gone, Peter Norton? With Joe DiMaggio? Question

jvmorris · Posted: Wed May 26, 2004 7:51 pm Post subject:

AplusWebMaster · Sergeant Joined: Mar 14, 2004 Posts: 124 Location: USA

FYI...(a bit off the original topic, but related to the Norton/Symantec category):

- http://isc.sans.org/diary.php?date=2004-05-26
Updated May 27th 2004 02:06 UTC
"...Unconfirmed report that Norton Internet Security 4.0 2002, 2003 & 2004 for Windows has added a new feature which pre-scans the inline html images prior to writing the images to the temp directory and displaying them in the web-browser. This effort is to try to identify web borne worms and viruses. The unfortunate side effect is that pages load incredibly slowly. The report stated that Verizon's page took over 3 minutes to load with the scanner and under 3 seconds without it. This could result in users disabling their firewalls which is not a good thing."
Sad


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 785 pages served in previous 5 minutes. Page Rendered: 0.638 seconds.