<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1679188966;
mso-list-type:hybrid;
mso-list-template-ids:788316604 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Ding, Ding, Ding, we have a winner.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Chris is absolutely right here.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">I am the principal enterprise security architect at Akamai and sometimes glance thru this mailing list.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Mal, <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">These sites are delivered on Akamai and the reason why you are being blocked is due to your current and or previous activity across sites delivered from the Akamai platform. Otherwise known
as Client Reputation. The website owners have implemented a block policy to block clients with a poor track record from accessing their site.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">There are currently 4 categories of bad actors Akamai detects with Client Reputation.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Calibri"><span style="mso-list:Ignore">1)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:Calibri">Web Attackers – Performed application layer attacks<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Calibri"><span style="mso-list:Ignore">2)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:Calibri">Scrapers – Non human traffic<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Calibri"><span style="mso-list:Ignore">3)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:Calibri">DoS Attackers – Participated in DDoS attacks<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:Calibri"><span style="mso-list:Ignore">4)<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:Calibri">Web Scanners – used automated penetration testing or vulnerability testing tools.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">On the 06/06/2016 at 01:45:00 PM, your network sent 7982 requests in an attempt to brute force ASP login pages across 1 different applications. Your network has been categorized as a Web
Attacker based on this history.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">So I would recommend that you perform penetration testing from a different location from where you browse the internet. Or if you’re not familiar with any penetration testing activity,
then it is a sign of a compromised host in your infrastructure. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">If your network is cleaned up or stop doing this activity, over the next week or so and your client reputation score will automatically decay to zero based on current decay for your network.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">If you have any questions, please see here
<a href="https://community.akamai.com/community/cloud-security/blog/2016/4/19">https://community.akamai.com/community/cloud-security/blog/2016/4/19</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">You are welcome to ask any questions there.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">James.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black">Chris Jones <chrisj@aprole.com><br>
<b>Date: </b>Tuesday, June 14, 2016 at 11:57 AM<br>
<b>To: </b>Mal Everett <Mal.Everett@elmtree.com.au><br>
<b>Cc: </b>"ausnog@ausnog.net" <ausnog@ausnog.net><br>
<b>Subject: </b>Re: [AusNOG] AWS sites inaccessciible<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">That looks suspiciously like an Akamai error message, and DNS certainly points that way. I’d have a chat to the Akamai team, if its happening to a bunch of different (unrelated) sites.
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Chris<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On 14 Jun 2016, at 11:52 AM, Mal Everett <<a href="mailto:Mal.Everett@elmtree.com.au">Mal.Everett@elmtree.com.au</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri">Hi all,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri">I have got a range of IPs that seemingly are "forbidden" (via a packet capture) by AWS when trying to access websites like<span class="apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__qantas.com.au_&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=wJDREqbOvAj7uAMLV05riA&m=LYSvP67gfcBBjhbLX6Wy_nau7Si9SvHtSO4r1fDDz8c&s=xB9Z1n8va1J35pAlAehdGfB-v3zWwpFkJkW2zgi0wsA&e=">qantas.com.au</a><span class="apple-converted-space"> </span>and <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__danmuprhys.com.au_&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=wJDREqbOvAj7uAMLV05riA&m=LYSvP67gfcBBjhbLX6Wy_nau7Si9SvHtSO4r1fDDz8c&s=ohmNQ2Q-wVUCgD3BQj2WibrhwlBGjxjWQZtybr1QImI&e=">danmuprhys.com.au</a> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri">Just scratching my head and wondering - "who do you call" ?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri">As an example in a browser we get<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri">Access Denied<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri">You don't have permission to access "<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.qantas.com.au_&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=wJDREqbOvAj7uAMLV05riA&m=LYSvP67gfcBBjhbLX6Wy_nau7Si9SvHtSO4r1fDDz8c&s=4HQMj3ui76fanevQ67ruFC_1UTjbnhrMla2L2kcsHas&e=">http://www.qantas.com.au/</a>"
on this server.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri">Reference #18.e7c33b8.1465867681.e63677d<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:Calibri"><o:p> </o:p></span></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:Tahoma">Cheers<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:9.0pt;font-family:Tahoma;color:#0092B4">Mal </span><span style="font-size:10.0pt;font-family:Tahoma"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:9.0pt;font-family:Helvetica">DISCLAIMER:<br>
<br>
This e-mail message may contain information which is<span class="apple-converted-space"> </span><br>
confidential to the message originator. If you have received this e-<br>
mail by mistake, please advise us immediately by return e-mail<span class="apple-converted-space"> </span><br>
and delete this e-mail, including any attachments, from your<span class="apple-converted-space"> </span><br>
system. You may not disclose, copy or distribute any part of this e-<br>
mail. Also, please note that the opinions expressed in this e-mail<span class="apple-converted-space"> </span><br>
are those of the author, and are not necessarily those of the<span class="apple-converted-space"> </span><br>
originators employer. Any concerns about the content of this email<span class="apple-converted-space"> </span><br>
should be immediately directed to<span class="apple-converted-space"> </span><a href="mailto:Directors@elmtree.com.au">Directors@elmtree.com.au</a>.<span class="apple-converted-space"> </span><br>
This message and any attachments have been scanned for<span class="apple-converted-space"> </span><br>
viruses prior to leaving the originators network.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:Helvetica">_______________________________________________<br>
AusNOG mailing list<br>
</span><a href="mailto:AusNOG@lists.ausnog.net"><span style="font-size:9.0pt;font-family:Helvetica">AusNOG@lists.ausnog.net</span></a><span style="font-size:9.0pt;font-family:Helvetica"><br>
</span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.ausnog.net_mailman_listinfo_ausnog&d=DQMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=wJDREqbOvAj7uAMLV05riA&m=LYSvP67gfcBBjhbLX6Wy_nau7Si9SvHtSO4r1fDDz8c&s=Wv1GeH1LA0BPGfL_JL2Rq0EI0h7s8ONcAu8rO6ijkpo&e="><span style="font-size:9.0pt;font-family:Helvetica">http://lists.ausnog.net/mailman/listinfo/ausnog</span></a><o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>