Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
For those of you unfamiliar with Akamai, it is a CDN/Cloud host, as well as a WAF.
Today, my story will be about the WAF piece of Akamai.
A few weeks back, my friend and former co-worker ch1kpee managed to get himself blacklisted by Akamai.
After having a few laughs at his expense, he was finally able to resolve the situation.
Fast forward to a few weeks later, and I am on a new engagement. The engagement itself didn’t have anything of note yet, but I noted that they were running behind Akamai. Whenever possible, I test through our lab VPN, so this is not something that I need to worry about.
With all that in mind, I go out to lunch with ch1kpee and a few others. While at lunch, I mentioned my current engagement, and we all laughed about me possibly “pulling a Dan”.
Fast forward to when I returned home, and I noticed that Burp Scanner was stuck. While a bit odd, I also noticed that my VPN managed to disconnect, so I thought it might just be a network issue. That said, once I reconnected to my LAN, I was still unable to hit the site.
After a bit of troubleshooting, I e-mailed the client asking if they were noticing any connection issues, and started working on the report.
Later on in the evening I went to check my 401k, and noticed the first sign of trouble.
Remembering what Dan said, and what had happened to him, I also tried to check Delta.
At this point, I knew that I ended up on Akamai’s bad reputation list, and hacker’s girlfriend shouted up the stairs that she couldn’t get to eBay.
First, I thought that I could just change my router’s MAC address, and then TWC would give me a new DHCP lease.
Unfortunately, this did not work even after multiple reboots.
Then I gave TWC a call, and after eventually getting to level 2 support, they said that I should get a new MAC address within 24 hours.
As you can guess, I was still blocked 24 hours later.
I also managed to find more sites running Akamai, which was an interesting way of information gathering.
Fast forward to one more day, and I am back on the line with someone at TWC who seems fairly intelligent.
After explaining my situation to them, I gave them my newest MAC address, we rebooted everything, and I ended up with a new IP address!
Just to verify, I went to Delta, and was able to see their website.
Lessons learned? Make sure that the VPN is up when testing a client, and try to get IPs white-listed in the WAF regardless.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.