Akamai-d or: How I Got Banned From the Internet

For those of you unfamiliar with Akamai, it is a CDN/Cloud host, as well as a WAF.

Prelude

Today, my story will be about the WAF piece of Akamai.

A few weeks back, my friend and former co-worker ch1kpee managed to get himself blacklisted by Akamai.

Akamai - Dan Tweet

After having a few laughs at his expense, he was finally able to resolve the situation.

Fast forward to a few weeks later, and I am on a new engagement. The engagement itself didn’t have anything of note yet, but I noted that they were running behind Akamai. Whenever possible, I test through our lab VPN, so this is not something that I need to worry about.

With all that in mind, I went out to lunch with ch1kpee and a few others. While at lunch, I mentioned my current engagement, and we all laughed about me possibly “pulling a Dan”.

Issues Arise

Fast forward to when I returned home, and I noticed that Burp Scanner was stuck. While a bit odd, I also noticed that my VPN had managed to disconnect, so I thought it might just be a network issue. That said, once I reconnected to my LAN, I was still unable to hit the site.

After a bit of troubleshooting, I e-mailed the client asking if they were noticing any connection issues, and started working on the report.

Blocked

Later on in the evening I went to check my 401k, and noticed the first sign of trouble.

Akamai - Fidelity

Remembering what Dan said, and what had happened to him, I also tried to check Delta.

Akamai - Delta

At this point, I knew that I ended up on Akamai’s bad reputation list, and hacker’s girlfriend shouted up the stairs that she couldn’t get to eBay.

Akamai - eBay

Troubleshooting

First, I thought that I could just change my router’s MAC address, and then TWC would give me a new DHCP lease.

Akamai - MAC change

Unfortunately, this did not work even after multiple reboots.

Then I gave TWC a call, and after eventually getting to level 2 support, they said that I should get a new MAC address within 24 hours.

As you can guess, I was still blocked 24 hours later.

I also managed to find more sites running Akamai, which was an interesting way of information gathering.

Akamai - Salsa Labs

Resolution!

Fast forward to one more day, and I am back on the line with someone at TWC who seems fairly intelligent.

After explaining my situation to them, I give them my newest MAC address, we reboot everything, and I end up with a new IP address!

Just to verify, I went to Delta, and was able to see their website.

Akamai - Unbanned

Lessons learned? Make sure that the VPN is up when testing a client, and try to get IPs white-listed in the WAF regardless.

doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for SecureWorks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (OSCE?!) or side project to work on, he enjoys playing video games, traveling, and watching sports.
