Akamai-d or: How I Got Banned From the Internet

For those of you unfamiliar with Akamai, it is a CDN/Cloud host, as well as a WAF.

Prelude

Today, my story will be about the WAF piece of Akamai.

A few weeks back, my friend and former co-worker ch1kpee managed to get himself blacklisted by Akamai.

Akamai - Dan Tweet

After having a few laughs at his expense, he was finally able to resolve the situation.

Fast forward to a few weeks later, and I am on a new engagement. The engagement itself didn’t have anything of note yet, but I noted that they were running behind Akamai. Whenever possible, I test through our lab VPN, so this is not something that I need to worry about.

With all that in mind, I went out to lunch with ch1kpee and a few others. While at lunch, I mentioned my current engagement, and we all laughed about me possibly “pulling a Dan”.

Issues Arise

Fast forward to when I returned home, and I noticed that Burp Scanner was stuck. While a bit odd, I also noticed that my VPN had managed to disconnect, so I thought it might just be a network issue. That said, once I reconnected to my LAN, I was still unable to hit the site.

After a bit of troubleshooting, I e-mailed the client asking if they were noticing any connection issues, and started working on the report.

Blocked

Later on in the evening I went to check my 401k, and noticed the first sign of trouble.

Akamai - Fidelity

Remembering what Dan said, and what had happened to him, I also tried to check Delta.

Akamai - Delta

At this point, I knew that I had ended up on Akamai’s bad reputation list, and hacker’s girlfriend shouted up the stairs that she couldn’t get to eBay.

Akamai - eBay

Troubleshooting

First, I thought that I could just change my router’s MAC address, and then TWC would give me a new DHCP lease.

Akamai - MAC change

Unfortunately, this did not work even after multiple reboots.

Then I gave TWC a call, and after eventually getting to level 2 support, they said that I should get a new MAC address within 24 hours.

As you can guess, I was still blocked 24 hours later.

I also managed to find more sites running Akamai, which was an interesting way of information gathering.

Akamai - Salsa Labs

Resolution!

Fast forward one more day, and I was back on the line with someone at TWC who seemed fairly intelligent.

After explaining my situation to them, I gave them my newest MAC address, we rebooted everything, and I ended up with a new IP address!

Just to verify, I went to Delta, and was able to see their website.

Akamai - Unbanned

Lessons learned? Make sure that the VPN is up when testing a client, and try to get IPs white-listed in the WAF regardless.

doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (currently GXPN) or side project to work on, he enjoys playing video games, traveling, and watching sports.
