For those of you unfamiliar with Akamai, it is a CDN/Cloud host, as well as a WAF.
Today, my story will be about the WAF piece of Akamai.
A few weeks back, my friend and former co-worker ch1kpee managed to get himself blacklisted by Akamai.
After having a few laughs at his expense, he was finally able to resolve the situation.
Fast forward to a few weeks later, and I am on a new engagement. The engagement itself didn’t have anything of note yet, but I noted that they were running behind Akamai. Whenever possible, I test through our lab VPN, so this is not something that I need to worry about.
With all that in mind, I go out to lunch with ch1kpee and a few others. While at lunch, I mentioned my current engagement, and we all laughed about me possibly, “pulling a Dan”.
Fast forward to when I return home, and I noticed that Burp Scanner was stuck. While a bit odd, I also notice that my VPN managed to disconnect, so I thought it might just be a network issue. That said, once I reconnected to my LAN, I was still unable to hit the site.
After a bit of troubleshooting, I e-mailed the client asking if they were noticing any connection issues, and started working on the report.
Later on in the evening I went to check my 401k, and noticed the first sign of trouble.
Remembering what Dan said, and what had happened to him, I also tried to check Delta.
At this point, I knew that I ended up on Akamai’s bad reputation list, and hacker’s girlfriend shouted up the stairs that she couldn’t get to eBay.
First, I thought that I could just change my router’s MAC address, and then TWC would give me a new DHCP lease.
Unfortunately, this did not work even after multiple reboots.
Then I gave TWC a call, and after eventually getting to level 2 support, they said that I should get a new MAC address within 24 hours.
As you can guess, I was still blocked 24 hours later.
I also managed to find more sites running Akamai, which was an interesting way of information gathering.
Fast forward to one more day, and I am back on the line with someone at TWC who seems fairly intelligent.
After explaining my situation to them, I give them my newest MAC address, we reboot everything, and I ended up with a new IP address!
Just to verify, I went to Delta, and was able to see their website.
Lessons learned? Make sure that the VPN is up when testing a client, and try to get IPs white-listed in the WAF regardless.