[AusNOG] AWS sites inaccessible

Mark Smith markzzzsmith at gmail.com
Wed Jun 15 10:16:53 EST 2016


On 14 June 2016 at 21:50, Tin, James <jtin at akamai.com> wrote:
> Ding, Ding, Ding, we have a winner.
>
> Chris is absolutely right here.
>
>
>
> I am the principal enterprise security architect at Akamai and sometimes
> glance thru this mailing list.
>
>
>
> Mal,
>
> These sites are delivered on Akamai and the reason why you are being blocked
> is due to your current and/or previous activity across sites delivered from
> the Akamai platform. Otherwise known as Client Reputation. The website
> owners have implemented a block policy to block clients with a poor track
> record from accessing their site.
>
>
>
> There are currently 4 categories of bad actors Akamai detects with Client
> Reputation.
>
> 1) Web Attackers – Performed application layer attacks
>
> 2) Scrapers – Non human traffic
>
> 3) DoS Attackers – Participated in DDoS attacks
>
> 4) Web Scanners – used automated penetration testing or vulnerability
> testing tools.
>
>
>
> On the 06/06/2016 at 01:45:00 PM, your network sent 7982 requests in an
> attempt to brute force ASP login pages across 1 different applications. Your
> network has been categorized as a Web Attacker based on this history.
>
>
>
> So I would recommend that you perform penetration testing from a different
> location from where you browse the internet. Or if you’re not familiar with
> any penetration testing activity, then it is a sign of a compromised host in
> your infrastructure.
>
>
>
> If your network is cleaned up or stops doing this activity, over the next
> week or so your client reputation score will automatically decay to zero
> based on current decay for your network.
>
>
>
> If you have any questions, please see here
> https://community.akamai.com/community/cloud-security/blog/2016/4/19
>
> You are welcome to ask any questions there.
>
>

It would be better to include some or all of the above in the access
denied error message so that people aren't wondering what the problem
is.

(I don't think there is any excuse for terse error messages or just
error codes anymore - it's 2016, we have plenty of CPU, RAM and
bandwidth so we can afford to help make troubleshooting easier and
quicker. The developer seconds saved by being terse can multiply into
100s of hours of lost time to the developer's end-users, in particular
for Internet scale services like Akamai et al.)

Regards,
Mark.

>
> James.
>
>
>
> From: Chris Jones <chrisj at aprole.com>
> Date: Tuesday, June 14, 2016 at 11:57 AM
> To: Mal Everett <Mal.Everett at elmtree.com.au>
> Cc: "ausnog at ausnog.net" <ausnog at ausnog.net>
> Subject: Re: [AusNOG] AWS sites inaccessible
>
>
>
> That looks suspiciously like an Akamai error message, and DNS certainly
> points that way.  I’d have a chat to the Akamai team, if it's happening to a
> bunch of different (unrelated) sites.
>
>
>
> Chris
>
>
>
> On 14 Jun 2016, at 11:52 AM, Mal Everett <Mal.Everett at elmtree.com.au> wrote:
>
>
>
> Hi all,
>
>
>
> I have got a range of IPs that seemingly are "forbidden" (via a packet
> capture) by AWS when trying to access websites like qantas.com.au and
> danmuprhys.com.au
>
>
>
> Just scratching my head and wondering - "who do you call" ?
>
> As an example in a browser we get
>
>
>
> Access Denied
>
>
>
> You don't have permission to access "http://www.qantas.com.au/" on this
> server.
>
> Reference #18.e7c33b8.1465867681.e63677d
>
>
>
> Cheers
>
> Mal
>
>
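
An added example, not part of the original message and not Akamai tooling: one way to look for the compromised host James mentions is to count login-page POSTs per internal client in outbound proxy logs. The log format, the threshold and window, and the names find_bruteforcers and sample_log are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed (constructed) egress proxy log format:
#   <ISO timestamp> <internal client IP> <method> <absolute URL> <status>
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
# Paths that look like ASP/ASP.NET login pages, e.g. /admin/login.asp
LOGIN = re.compile(r"(login|logon|signin)[^/]*\.aspx?$", re.I)

def find_bruteforcers(lines, threshold=20, window=timedelta(minutes=5)):
    """Return {(client, host): peak login POSTs seen inside `window`}
    for every client/host pair whose peak reaches `threshold`."""
    recent = defaultdict(deque)   # (client, host) -> timestamps in window
    peaks = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # ignore malformed lines
        ts, client, method, url, _status = m.groups()
        parts = urlsplit(url)
        if method != "POST" or not LOGIN.search(parts.path):
            continue
        when = datetime.fromisoformat(ts)
        key = (client, parts.hostname)
        q = recent[key]
        q.append(when)
        while when - q[0] > window:   # drop hits older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one noisy host, one ordinary user, one bad line."""
    start = datetime(2016, 6, 6, 13, 45, 0)
    lines = [
        f"{(start + timedelta(seconds=i)).isoformat()} 10.0.0.23 "
        "POST http://app.example/admin/login.asp 401"
        for i in range(40)
    ]
    lines += [
        "2016-06-06T13:45:10 10.0.0.7 POST http://app.example/admin/login.asp 302",
        "2016-06-06T13:46:02 10.0.0.7 GET http://app.example/default.asp 200",
        "not a log line",
    ]
    return lines

if __name__ == "__main__":
    for (client, host), n in find_bruteforcers(sample_log()).items():
        print(f"{client} sent {n} login POSTs to {host} within 5 minutes")
```
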

