>> > -----Original Message----- >> > From: Hunter, Jess [mailto:JHunter@xxxxxxxxxxxxxx] >> > Sent: Friday, February 04, 2005 8:44 AM >> > To: squid-users@xxxxxxxxxxxxxxx >> > Subject: [squid-users] AKAMAI.NEt showing up in Squid Logs >> > >> > >> > After reviewing my squid logs I noticed that one of the users kept >> access >> > the following site: a248.e.akamai.net:443. I ran Anti-virus and Spybot >> S&D >> > but it did not show anything on the workstation. I have tried to >> research >> > the removal of this errant cache service and cannot find any removal >> > instructions. I know this is a little off topic, but has anyone else >> had >> > this same issue pop up in there Squid logs and if you have, how did you >> > correct it. >> > >> > Thanks In Advance >> -----Original Message----- >> From: Chris Robertson [SMTP:crobertson@xxxxxxx] >> Sent: Friday, February 04, 2005 12:22 PM >> To: squid-users@xxxxxxxxxxxxxxx >> Subject: RE: [squid-users] AKAMAI.NEt showing up in Squid Logs >> >> >> I'm not sure if you are aware, but akamai is a distributed caching service >> that a lot of sites and ISPs use to distribute content. An example is >> Apple.com's movie trailers. It would not surprise me if one of the larger >> banks (or something like eBay) is using akamai to serve images for their >> secure pages. If you want to block this request, something like the >> following should work (assuming you have the CONNECT method acl still in >> your squid.conf): >> >> acl akamai dst_domain .akamai.net >> http_access deny CONNECT akamai >> >> This will block all secure requests to akamai. Be ready for calls if you >> implement this. >> >> Chris >> >> -- >> No virus found in this incoming message. >> Checked by AVG Anti-Virus. >> Version: 7.0.300 / Virus Database: 265.8.5 - Release Date: 2/3/2005 >> >> > -----Original Message----- > From: Hunter, Jess [mailto:JHunter@xxxxxxxxxxxxxx] > Sent: Friday, February 04, 2005 10:02 AM > To: Chris Robertson; squid-users@xxxxxxxxxxxxxxx > Subject: RE: [squid-users] AKAMAI.NEt showing up in Squid Logs > > > I knew they did some sort of caching. My concern is that there may be > something errantly installed on the workstation that I cannot locate. Out > of 247 Views, 45 of them are to websites while the remaining 202 are to the > AKAMAI server. So it seems like there is some sort of application that is > hammering that specific server. > > Still trying to glean more knowledge on this. > > Thanks, > > Jess > Hmmm... Old akamai vulnerability: http://diswww.mit.edu/menelaus/bt/17272 Still seems to work, actually... Very interesting. Chris
