Re: Akamai/HollisterCo

2019-12-18 Thread Owen DeLong 
Here’s the deal…

I’ve pieced this together entirely from data available outside of Akamai. It 
does not involve any knowledge I gained at Akamai unless I’ve also been able to 
identify that information through an independent public source.

Akamai’s system here is designed to make their customers happy without much 
regard for their customer’s customers.

Customers have control over their web application firewall and what it blocks.

Akamai doesn’t (exactly) directly control it.

However, customers can subscribe to reputation information and make automated 
decisions about blocking in their WAF based on that reputation information.

Akamai takes customer confidentiality very seriously. Mostly this is a good 
thing, but it creates a real catch 22 for web users caught in this 
circumstance. If it’s any consolation, I ran into this several times while I 
was working at Akamai and didn’t have any better ability to get resolution than 
what is being reported here.

Akamai NOC can’t tell you what’s happening because that would violate their 
customer’s confidentiality. It’s often very difficult for you to reach anyone 
with a clue at the company in question, and, even if you manage to do so, 
they’ll say “but Akamai runs that for us, you should call them.”

I’ve given up on this ever getting better.

Owen



> On Dec 18, 2019, at 2:11 PM, Dmitriy Vaynshteyn [infiniwiz] 
>  wrote:
> 
> Problem is that I used their client rep lookup tool at 
> https://www.akamai.com/us/en/clientrep-lookup/ and it showed that the IP was 
> clean.
> 
> 
> Dmitriy Vaynshteyn
> Senior Systems Engineer
> 1835 Hicks Rd. Rolling Meadows, IL 60008
> tel:  847.994. | 
> direct:  847.850.7894 | 
> fax:  847.850.7902
> http://www.infiniwiz.com 
> Happy with our service? Tell others by leaving a review or making a referral.
> ​
> 
> -Original Message-
> From: NANOG  On Behalf 
> Of Jared Mauch
> Sent: Wednesday, December 18, 2019 3:56 PM
> To: Mike Hammett 
> Cc: nanog@nanog.org
> Subject: Re: Akamai/HollisterCo
> 
> I’ve had a hard time internally getting people to answer questions around 
> this or how to properly escalate what appears to be blocking related issues.  
> I’m honestly at wits end with them.
> 
> I’ll give you these links:
> 
> https://community.akamai.com/customers/s/article/Why-is-Akamai-Blocking-Me-Part-3-Partners-Performing-Web-Scraping-Activity?language=en_US
> https://www.akamai.com/us/en/clientrep-lookup/
> 
> The reality is when you end up behind a NAT pool or shared IP set, this is 
> entirely possible someone (or thing) is doing malicious activity.  I’ve asked 
> the teams to improve the errors presented to users in this case, so perhaps 
> it will get better.
> 
> If you have a specific reference ID you get back, you can send it to me in 
> e-mail (text, no images please) and I’ll look it up to see what can be found.
> 
> But this also falls into the category - we are performing the action based on 
> our customer request/configuration.
> 
> - Jared
> 
>> On Dec 18, 2019, at 4:29 PM, Mike Hammett  wrote:
>> 
>> That is a common issue eyeball ISPs have with CDNs and security companies.
>> 
>> The obvious technical contact is the CDN or security company, but they 
>> always redirect you to their client because they're "just doing what their 
>> client asked". Yes, please, reach out to Hollister's customer service 
>> department with a request to fix their web site (or tell you why they 
>> won't). See how far that gets you. Meanwhile, go buy some of their tacky 
>> apparel.
>> 
>> On the "just doing what their client asked", what *IS* it that the client 
>> asked? Surely Hollister didn't develop some personal spite for Dmitriy's 
>> client and bock their IP address. No, more likely is that some algorithm 
>> (rightly or wrongly) lumped Dmitriy's client's IP in a list of bad actors 
>> for some reason and Hollister has chosen to block that category of bad 
>> actor. Hollister would be equally clueless as to what is actually happening.
>> 
>> What the CDNs and security companies should respond with is something to the 
>> effect of, "We see 123.456.789.123 doing XYZ bad activity and it needs to 
>> stop before being allowed in." Ya know...  the same way nearly every SPAM 
>> RBL works. You can then kill two birds with one stone: Dmitriy's client can 
>> now buy bad shirts and Dmitriy's client fixes whatever exploits are 
>> happening from their network.
>> 
>> 
>> 
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>> 
>> Midwest-IX
>> http://www.midwest-ix.com
>> 
>> See More from Dmitriy Vaynshteyn [infiniwiz]
>> 
>> ​
>> 
>> See More from Dmitriy Vaynshteyn [infiniwiz]
>> 
>> or making a referral.
>> ​
>> 
>

Re: Akamai/HollisterCo

2019-12-18 Thread Yang Yu 
On Wed, Dec 18, 2019 at 1:57 PM Jared Mauch  wrote:
> I’ll give you these links:
>
> https://community.akamai.com/customers/s/article/Why-is-Akamai-Blocking-Me-Part-3-Partners-Performing-Web-Scraping-Activity?language=en_US
> https://www.akamai.com/us/en/clientrep-lookup/

Thanks Jared. Would be great if this returns v6 reputation as well.
Btw TTFB to v6ds.iplookup.akamai.com is 1 minute.

RE: Akamai/HollisterCo

2019-12-18 Thread Dmitriy Vaynshteyn [infiniwiz] 
Problem is that I used their client rep lookup tool at 
https://www.akamai.com/us/en/clientrep-lookup/ and it showed that the IP was 
clean.


Dmitriy Vaynshteyn
Senior Systems Engineer
1835 Hicks Rd. Rolling Meadows, IL 60008
tel:  847.994. | 
direct:  847.850.7894 | 
fax:  847.850.7902
http://www.infiniwiz.com 
Happy with our service? Tell others by leaving a review or making a referral.
​
 
-Original Message-
From: NANOG  On Behalf Of 
Jared Mauch
Sent: Wednesday, December 18, 2019 3:56 PM
To: Mike Hammett 
Cc: nanog@nanog.org
Subject: Re: Akamai/HollisterCo

I’ve had a hard time internally getting people to answer questions around this 
or how to properly escalate what appears to be blocking related issues.  I’m 
honestly at wits end with them.

I’ll give you these links:

https://community.akamai.com/customers/s/article/Why-is-Akamai-Blocking-Me-Part-3-Partners-Performing-Web-Scraping-Activity?language=en_US
https://www.akamai.com/us/en/clientrep-lookup/

The reality is when you end up behind a NAT pool or shared IP set, this is 
entirely possible someone (or thing) is doing malicious activity.  I’ve asked 
the teams to improve the errors presented to users in this case, so perhaps it 
will get better.

If you have a specific reference ID you get back, you can send it to me in 
e-mail (text, no images please) and I’ll look it up to see what can be found.

But this also falls into the category - we are performing the action based on 
our customer request/configuration.

- Jared

> On Dec 18, 2019, at 4:29 PM, Mike Hammett  wrote:
> 
> That is a common issue eyeball ISPs have with CDNs and security companies.
> 
> The obvious technical contact is the CDN or security company, but they always 
> redirect you to their client because they're "just doing what their client 
> asked". Yes, please, reach out to Hollister's customer service department 
> with a request to fix their web site (or tell you why they won't). See how 
> far that gets you. Meanwhile, go buy some of their tacky apparel.
> 
> On the "just doing what their client asked", what *IS* it that the client 
> asked? Surely Hollister didn't develop some personal spite for Dmitriy's 
> client and bock their IP address. No, more likely is that some algorithm 
> (rightly or wrongly) lumped Dmitriy's client's IP in a list of bad actors for 
> some reason and Hollister has chosen to block that category of bad actor. 
> Hollister would be equally clueless as to what is actually happening.
> 
> What the CDNs and security companies should respond with is something to the 
> effect of, "We see 123.456.789.123 doing XYZ bad activity and it needs to 
> stop before being allowed in." Ya know...  the same way nearly every SPAM RBL 
> works. You can then kill two birds with one stone: Dmitriy's client can now 
> buy bad shirts and Dmitriy's client fixes whatever exploits are happening 
> from their network.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
> 
> Midwest-IX
> http://www.midwest-ix.com
> 
> See More from Dmitriy Vaynshteyn [infiniwiz]
> 
> ​
> 
> See More from Dmitriy Vaynshteyn [infiniwiz]
> 
>  or making a referral.
> ​
>

Re: Akamai/HollisterCo

2019-12-18 Thread Mike Hammett 
I thank you for your efforts. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Jared Mauch"  
To: "Mike Hammett"  
Cc: nanog@nanog.org 
Sent: Wednesday, December 18, 2019 3:56:17 PM 
Subject: Re: Akamai/HollisterCo 

I’ve had a hard time internally getting people to answer questions around this 
or how to properly escalate what appears to be blocking related issues. I’m 
honestly at wits end with them. 

I’ll give you these links: 

https://community.akamai.com/customers/s/article/Why-is-Akamai-Blocking-Me-Part-3-Partners-Performing-Web-Scraping-Activity?language=en_US
 
https://www.akamai.com/us/en/clientrep-lookup/ 

The reality is when you end up behind a NAT pool or shared IP set, this is 
entirely possible someone (or thing) is doing malicious activity. I’ve asked 
the teams to improve the errors presented to users in this case, so perhaps it 
will get better. 

If you have a specific reference ID you get back, you can send it to me in 
e-mail (text, no images please) and I’ll look it up to see what can be found. 

But this also falls into the category - we are performing the action based on 
our customer request/configuration. 

- Jared 

> On Dec 18, 2019, at 4:29 PM, Mike Hammett  wrote: 
> 
> That is a common issue eyeball ISPs have with CDNs and security companies. 
> 
> The obvious technical contact is the CDN or security company, but they always 
> redirect you to their client because they're "just doing what their client 
> asked". Yes, please, reach out to Hollister's customer service department 
> with a request to fix their web site (or tell you why they won't). See how 
> far that gets you. Meanwhile, go buy some of their tacky apparel. 
> 
> On the "just doing what their client asked", what *IS* it that the client 
> asked? Surely Hollister didn't develop some personal spite for Dmitriy's 
> client and bock their IP address. No, more likely is that some algorithm 
> (rightly or wrongly) lumped Dmitriy's client's IP in a list of bad actors for 
> some reason and Hollister has chosen to block that category of bad actor. 
> Hollister would be equally clueless as to what is actually happening. 
> 
> What the CDNs and security companies should respond with is something to the 
> effect of, "We see 123.456.789.123 doing XYZ bad activity and it needs to 
> stop before being allowed in." Ya know... the same way nearly every SPAM RBL 
> works. You can then kill two birds with one stone: Dmitriy's client can now 
> buy bad shirts and Dmitriy's client fixes whatever exploits are happening 
> from their network. 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> Midwest-IX 
> http://www.midwest-ix.com 
> 
> See More from Dmitriy Vaynshteyn [infiniwiz] 
> 
> ​ 
> 
> See More from Dmitriy Vaynshteyn [infiniwiz] 
> 
> or making a referral. 
> ​ 
>

Re: Akamai/HollisterCo

2019-12-18 Thread Jared Mauch 
I’ve had a hard time internally getting people to answer questions around this 
or how to properly escalate what appears to be blocking related issues.  I’m 
honestly at wits end with them.

I’ll give you these links:

https://community.akamai.com/customers/s/article/Why-is-Akamai-Blocking-Me-Part-3-Partners-Performing-Web-Scraping-Activity?language=en_US
https://www.akamai.com/us/en/clientrep-lookup/

The reality is when you end up behind a NAT pool or shared IP set, this is 
entirely possible someone (or thing) is doing malicious activity.  I’ve asked 
the teams to improve the errors presented to users in this case, so perhaps it 
will get better.

If you have a specific reference ID you get back, you can send it to me in 
e-mail (text, no images please) and I’ll look it up to see what can be found.

But this also falls into the category - we are performing the action based on 
our customer request/configuration.

- Jared

> On Dec 18, 2019, at 4:29 PM, Mike Hammett  wrote:
> 
> That is a common issue eyeball ISPs have with CDNs and security companies.
> 
> The obvious technical contact is the CDN or security company, but they always 
> redirect you to their client because they're "just doing what their client 
> asked". Yes, please, reach out to Hollister's customer service department 
> with a request to fix their web site (or tell you why they won't). See how 
> far that gets you. Meanwhile, go buy some of their tacky apparel.
> 
> On the "just doing what their client asked", what *IS* it that the client 
> asked? Surely Hollister didn't develop some personal spite for Dmitriy's 
> client and bock their IP address. No, more likely is that some algorithm 
> (rightly or wrongly) lumped Dmitriy's client's IP in a list of bad actors for 
> some reason and Hollister has chosen to block that category of bad actor. 
> Hollister would be equally clueless as to what is actually happening.
> 
> What the CDNs and security companies should respond with is something to the 
> effect of, "We see 123.456.789.123 doing XYZ bad activity and it needs to 
> stop before being allowed in." Ya know...  the same way nearly every SPAM RBL 
> works. You can then kill two birds with one stone: Dmitriy's client can now 
> buy bad shirts and Dmitriy's client fixes whatever exploits are happening 
> from their network.
> 
> 
> 
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
> 
> Midwest-IX
> http://www.midwest-ix.com
> 
> See More from Dmitriy Vaynshteyn [infiniwiz]
> 
> ​
> 
> See More from Dmitriy Vaynshteyn [infiniwiz]
> 
>  or making a referral.
> ​
>

Re: Akamai/HollisterCo

2019-12-18 Thread Mike Hammett 
That is a common issue eyeball ISPs have with CDNs and security companies. 


The obvious technical contact is the CDN or security company, but they always 
redirect you to their client because they're "just doing what their client 
asked". Yes, please, reach out to Hollister's customer service department with 
a request to fix their web site (or tell you why they won't). See how far that 
gets you. Meanwhile, go buy some of their tacky apparel. 


On the "just doing what their client asked", what *IS* it that the client 
asked? Surely Hollister didn't develop some personal spite for Dmitriy's client 
and bock their IP address. No, more likely is that some algorithm (rightly or 
wrongly) lumped Dmitriy's client's IP in a list of bad actors for some reason 
and Hollister has chosen to block that category of bad actor. Hollister would 
be equally clueless as to what is actually happening. 


What the CDNs and security companies should respond with is something to the 
effect of, "We see 123.456.789.123 doing XYZ bad activity and it needs to stop 
before being allowed in." Ya know... the same way nearly every SPAM RBL works. 
You can then kill two birds with one stone: Dmitriy's client can now buy bad 
shirts and Dmitriy's client fixes whatever exploits are happening from their 
network. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Dmitriy Vaynshteyn [infiniwiz]"  
To: nanog@nanog.org 
Sent: Wednesday, December 18, 2019 3:04:23 PM 
Subject: Akamai/HollisterCo 



Hello, 

I am looking for some help with Akamai or a contact from Akamai (or their 
client HollisterCo) 

We have an IP that is being blocked, but can’t get anywhere with their support 
without having an account with them and getting in touch with someone at 
Hollister is even more impossible. 

Any help would be greatly appreciated. 

Thank you, 












Dmitriy Vaynshteyn ​ 



Senior Systems Engineer 


1835 Hicks Rd. Rolling Meadows, IL 60008 



tel: 847.994.   
|   
direct: 847.850.7894
|   

fax: 847.850.7902 








http://www.infiniwiz.com 



Facebook
Twitter 
LinkedIn

Happy with our service? Tell others by leaving a review or making a referral. 
​

Akamai/HollisterCo

2019-12-18 Thread Dmitriy Vaynshteyn [infiniwiz] 
Hello,

I am looking for some help with Akamai or a contact from Akamai (or their 
client HollisterCo)

We have an IP that is being blocked, but can’t get anywhere with their support 
without having an account with them and getting in touch with someone at 
Hollister is even more impossible.

Any help would be greatly appreciated.

Thank you,


[cid:image001.png@01D5B5B4.6DD89970]
Dmitriy Vaynshteyn​
Senior Systems Engineer
1835 Hicks Rd. Rolling Meadows, IL 60008
tel:  847.994.
 |
direct:  847.850.7894
 |
fax:  847.850.7902


http://www.infiniwiz.com
[Facebook]
[Twitter]
[LinkedIn]
Happy with our service? Tell others by leaving a 
review or making a referral.
​