Akamai “War” Stories Bruce Maggs


Akamai’s First Network Connection
- We moved into our offices at 201 Broadway at midnight, December 1, 1998, and built our first cluster that night.
- An important potential investor was coming to visit on December 2.
- But our Internet service provider didn’t show up on December 1!
- We had to engineer a solution!

4. Lost in Space
- The most worrisome attack we ever faced: one of our servers was receiving properly authenticated messages from an unknown host
- Fortunately, the messages were not formatted properly and were discarded
- After two days of investigation, we discovered that the “attacker” was an old Akamai server that we had lost track of
- It had been sending these messages for months!

5. David is a Night Owl
- Your servers aren’t responding!
- Why don’t you support half-closed connections?
- Why don’t you support “transactional” TCP?
- (Why would transactional TCP be bad for Akamai?)

6. The Dreaded Double Header
- customer has delegated images.xyz.com to Akamai, registered image server
- didn’t work for Dave, but worked for me!
- Akamai server strips off first header, sends GET /images.xyz.com/logo.gif to customer image server
- 5 of 8 customer image servers had been patched to ignore /images.xyz.com

7. Steve can’t see the new Powerbook
- Steve’s assistant Eddie explains the problem
- I spend all night poring through the logs
- Eddie sneaks into Steve’s office
- Mystery solved

8. Packet of Death
- Akamai servers take care of each other
- A router in Malaysia is taking down our whole system!
- The mysterious 570-byte MTU
- The “final” Linux kernel isn’t so final
- (Nov. 1998) → (June 1999)

9. The “Magg Syndrome”
- We “hijack” a customer’s site?
- I become the most hated person on the Internet
- We isolate the problem (nine months of work)
- Nobody cares?

10. Don’t do this at home
- Irate end user threatens to go to police
- Akamai is attacking my home system!
- It’s in the logs.
- It all began in a Yahoo! chat room
- Have your lawyers call our lawyers

11. BIND Miseries
- Open-source DNS server code
- Messy, buggy implementations
- Our customers still run old versions!
- BIND 4.8 TTL issue
- Refresh attempt when 15 minutes left
- Success if new list of IPs overlaps with old list of IPs
- Otherwise, refuse to resolve for next 15 minutes!
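
The BIND 4.8 refresh rule on this slide, modelled as an added example; it is not BIND source code and not part of the presentation. Only the 15-minute window and the overlap rule come from the slide. The class and function names, the one-hour TTL, the sample addresses (documentation ranges) and the `plan_rotation` helper, which goes one step beyond the slide to show how an operator could keep consecutive answers overlapping, are assumptions.

```python
# Added example: toy model of the refresh rule on the "BIND Miseries" slide.
# Not BIND source code; every name and sample value here is an assumption.
WINDOW = 15 * 60  # seconds: the slide's "15 minutes"
OLD = ["192.0.2.10", "192.0.2.11"]        # constructed sample addresses
NEW = ["198.51.100.20", "198.51.100.21"]  # constructed, disjoint from OLD

class OldResolverModel:
    """One cached name, refreshed with the overlap rule from the slide."""

    def __init__(self, addrs, ttl, now=0):
        self.addrs = set(addrs)
        self.expires = now + ttl
        self.refuse_until = 0

    def refresh(self, new_addrs, new_ttl, now):
        """Refresh attempt, made once 15 minutes or less of TTL remain."""
        if self.expires - now > WINDOW:
            return "not-due"
        if self.addrs & set(new_addrs):      # new list overlaps old: success
            self.addrs = set(new_addrs)
            self.expires = now + new_ttl
            return "accepted"
        self.refuse_until = now + WINDOW     # disjoint: refuse for 15 minutes
        return "rejected"

    def resolve(self, now):
        """Cached addresses, or None while the resolver is refusing.
        Behaviour after the window is not on the slide and is not modelled."""
        return None if now < self.refuse_until else sorted(self.addrs)

def plan_rotation(old, new):
    """Answer lists to publish, in order, so each overlaps the previous one.
    A consequence of the modelled rule, not a documented procedure."""
    old, new = set(old), set(new)
    if old & new:
        return [sorted(new)]
    bridge = sorted(new | {min(old)})        # keep one old address for a step
    return [bridge, sorted(new)]

def replay(start, answers, ttl=3600):
    """Feed successive authoritative answers to the model, one per refresh."""
    r, now, results = OldResolverModel(start, ttl), 0, []
    for addrs in answers:
        now = r.expires - WINDOW             # refresh fires 15 min before expiry
        results.append(r.refresh(addrs, ttl, now))
        if results[-1] == "rejected":
            break
    return results, r.resolve(now)
```

Calling `replay(OLD, [NEW])` shows the outage the slide describes, while `replay(OLD, plan_rotation(OLD, NEW))` reaches the new address set without a rejected refresh.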