So I have noticed many new outgoing connection requests going to various IP addresses not associated with the website or application I am using. So I looked up the IP addresses on a tracer website such as www.ip-adress.com/ip_tracer/ which shows all of the details of the IP. Apparently an organization named “Akamai Technologies” owns the IP addresses. The weird thing is, if I allow the normal website address through comodo firewall, but block the Akamai address, I am still able to access the website as usual. I’m wondering why there is an outgoing connection request for the Akamai address in the first place?
So who is “Akamai Technologies”? Has anyone else noticed similar connection requests from them as well?
They use various IP address blocks such as:
69.22.154.x
207.152.125.x
184.51.156.x
It has come to the point where I cannot start my computer, load my web browser, or use windows update without receiving connection requests from Akamai Technologies… and this is with fresh format and install of windows operating system. How is this possible? I would be interested in hearing from anyone else that has encountered them before.
Akamai are a content delivery network used by many organisations, including Microsoft themselves. So, you’re likely to see references to their distribution network even on a freshly installed version of Windows. In short, it may look worrying at first glance, but there is no need to worry.
If they are merely a content delivery network, then why do I get connection requests simply from starting windows? Are they installing spyware on my computer?
Or if I go to a website that triggers one of Akamai’s connection requests, and I block that request, why am I still able to get to the regular website as normal without losing any content or functionality?
Why would Microsoft need to use another company for Windows Update? They’re “Microsoft”…
And isn’t that a security risk?
Finally, after considering these points, I ask… exactly what “content” are they delivering?
Are you talking about outgoing traffic to Akamai or incoming traffic?
Or if I go to a website that triggers one of Akamai's connection requests, and I block that request, why am I still able to get to the regular website as normal without losing any content or functionality?
Can you show an example of such a request?
Why would Microsoft need to use another company for Windows Update? They're "Microsoft"...
Outsourcing a non-core activity. The Comodo Cloud has had a couple of hosting companies over the past couple of years. AVG AV definition updates would come from Akamai years ago. They may still be hosted there for all I know.
And isn't that a security risk?
Not more than with any other big hosting company.
Finally, after considering these points, I ask... exactly what "content" are they delivering?
Typically updates and downloads. Akamai has servers all over the world providing load balancing to make sure downloads get distributed efficiently to customers.
When I first read about Akamai some 8 years ago it was estimated that 15% of web traffic was delivered by them. Source.
I am not concerned about traffic from Akamai. No malware maker could afford to host their files there I guess.
OK, it has been a while since my original post. I wanted to ride out my new OS installation and document exactly what is happening with this situation.
At this point Akamai has totally hijacked my browser. Whenever I load IE I receive an outgoing connection request. Furthermore, when I go to ANY website I receive another outgoing connection request to a different IP address than the first. I’m talking even Google.com triggers Akamai connections. So why would Google need to outsource their hosting? It’s just text. No, like I said, Akamai has completely hijacked my browser and is attacking me from various IP blocks.
They are not delivering content, they are installing spyware/virii onto my computer without my consent and without my installing any applications.
So how do you explain so many connection requests?
Again, I get outgoing Akamai connection requests immediately when I start windows.
I get outgoing Akamai connection requests when I start my browser.
I get outgoing Akamai connection requests when I go to any website.
I get outgoing Akamai connection requests when I try to use microsoft update.
You are certainly entitled to your opinion, especially being the moderator of Comodo forums.
However I would really like to hear from other users of this forum. Am I the only one who has so much activity with Akamai?
Okay, since you cannot explain the connection requests Comodo should consider them irregular. Denying the request does not “spoil the show”. Like I mentioned previously, even when I deny them I am still able to get to the website as regular. So there is no need to allow the Akamai connection request in the first place. I have looked at the source code for the web pages and there is no mention of any kind of Akamai related javascript plugins or any other sort of code and content. So again, I ask, what content are they delivering?
Also, is anyone else being tracked by Akamai other than me?
Comodo has not said that they can’t explain, please remember I am just a General user like yourself.
I do not speak for Comodo.
If these requests are of real concern I would consider following the final step in the link in my previous post. I still have questions unanswered after completing the aforementioned recommendations, what should I do?
They should at least be able to shed some light.
Please note: I am not trying to pass the buck, I am just showing what I think would be the best approach to find out about these connections.
Thanks.
I would like to know more about this… I see PCs sending info to Akamai… now the question is why, and what software (exe, etc.) is starting this traffic? It does use port 80… I am not happy with anything using OUR resources this way (PC, bandwidth, etc.). I am not going to accept that it is just traffic for content delivery. If stopping it creates zero problems… Comodo should adapt it and advertise an Akamai blocker.
Akamai is one of the myriad of hosts that provide edge caching technology on the interwebs.
When MS releases updates on patch Tuesday, where do those come from? The ISP and telecom companies that own and maintain the interweb backbone itself distribute those updates across the globe.
One of the edge caching technology providers is Hurricane Electric. It's an electric utility in California. Updates are served up based on load balancing networks on the interweb backbone. When people in NYC & San Fran look to get the latest critical updates to Java, millions of people simultaneously are not getting downloads from Oracle’s servers.
The ISP or telecom providers having the network capacity cache those updates locally. Akamai is one company that provides that service.
Not much you can do about it since for the most part, SVCHost is the biggest offender. By default it lives in the Windows System Application file-group having Windows System Application predefined policy resource access permissions.
I’ve excised SVCHost into its own custom policy D+ rule-set. There are:
run executable: 17
process termination: 1
Device Driver Installation: 2
Protected Registry keys: 148
Protected files / folders: 89
The firewall rules for SVCHost comprise:
58 single / address range rules to port 80 or 443 or both
including 48 network zones to either port 80, 443 or both
The domain range owner for these IP or network zones comprise:
Akamai
AkamaiTech
Akamai-PA
Bandcon
Bandcon / Akamai (bandcon owns the larger superset of domains within which Akamai operates)
Bosch
Beyond the Network America
eurorings.net
llnw.net
FRANCE
msecn.net
PCCWGlobal.net
QWest
QWest (shared by SVCHost & jaucheck, ie., Java updater)
USA
Hurricane Electric
Level 3
Level 3 (shared by CIS & SVCHost)
MS 1BLK
NTT America
NTT America (shared by SVCHost & Adobe Reader)
QWest / Akamai (shared by CIS & SVCHost)
QWest Inet-9
QWest Inet-10
QWest Inet-11
QWest Inet-17
NLayer
AkamaiTech (for Adobe ARM)
MS 1BLK (share ports 80/443)
MSECN.net (shares ports 80/443)
MSGlobal.net (SVCHost shares ports 80/443)
AkamaiTech (SVCHost shares ports 80/443)
AkamaiTech (Adobe ARM - port 443 only)
Level 3 (SVCHost / Adobe ARM - port 443 only)
MS1BLK (SVCHost port 443 only)
MS GFS (SVCHost port 443 only)
msecn.net (port 443 only)
TCP traffic by SVCHost to DNS (in addition to default UDP to DNS) on port 53
For the most part, SVCHost is fat dumb and happy (as am I); every one of those IP domain owners are the very companies that provide the interweb backbone itself.
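
One way to answer the question raised in the last two posts (which executable opens these port 80/443 connections, and what svchost.exe is running when it is the source), as an added example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later, where Get-NetTCPConnection is available; the function name Get-OutboundWebConnection is hypothetical.

```powershell
# Added example: attribute established outbound web connections to the process
# that owns them, and for svchost.exe to the services hosted in that process.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection).

function Get-OutboundWebConnection {
    param([int[]]$Port = @(80, 443))

    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemotePort -in $Port } |
        ForEach-Object {
            $conn = $_
            $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $name = if ($proc) { $proc.ProcessName } else { "pid $($conn.OwningProcess)" }

            # svchost.exe is only a container, so list the services inside this PID
            # (Windows Update, BITS, and so on) to see what actually made the request.
            $services = ''
            if ($name -eq 'svchost') {
                $filter   = "ProcessId = $($conn.OwningProcess)"
                $services = (Get-CimInstance Win32_Service -Filter $filter |
                    Select-Object -ExpandProperty Name) -join ','
            }

            # Reverse DNS is best effort: not every edge address has a PTR record.
            $ptr = ''
            try { $ptr = [System.Net.Dns]::GetHostEntry($conn.RemoteAddress).HostName } catch { }

            [pscustomobject]@{
                Process   = $name
                ProcessId = $conn.OwningProcess
                Services  = $services
                Remote    = "$($conn.RemoteAddress):$($conn.RemotePort)"
                PTR       = $ptr
            }
        }
}

# One row per process/remote endpoint pair.
Get-OutboundWebConnection |
    Sort-Object Process, Remote -Unique |
    Format-Table -AutoSize
```

Connections are short-lived, so run it while the firewall alert is on screen; the Services column shows which Windows service inside svchost.exe opened the connection.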