Mailing List Archive: AKAMAI, Re: Apple blocking all AS29852 iCloud traffic, residential gigabit last mile provider in NYC.

AKAMAI, Re: Apple blocking all AS29852 iCloud traffic, residential gigabit last mile provider in NYC.

Aug 17, 2023, 6:28 PM

Post #1 of 3 (92 views)

Additionally this appears to have a strong correlation with everything that
is hosted by Akamai Edge. Akamai, we are a fairly mundane last mile
operator...

On Thu, Aug 17, 2023, 4:58 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:

> I am directly in contact with the right people and team now.
>
> On Thu, Aug 17, 2023, 3:53 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
>
>> We have just seen a complete cut off of iCloud and Apple TV traffic and
>> functionality at AS29852.
>>
>> AS29852 (Honest) is a specialist in apartment and condominium building
>> symmetric gigabit and above residential last Mile access, based in the New
>> York city, Jersey City, and Connecticut region.
>>
>> All of the IP space that we announce to our peers and upstreams is used
>> for either residential last mile purposes, or small to medium size business
>> DIA last mile.
>>
>> A very high percentage of our customer base are avid paying iCloud users.
>>
>> If anybody at Apple is paying attention to the list, or can reach out to
>> me directly, I am happy to provide additional information.
>>
>>
>>
>>
>>

Re: AKAMAI, Re: Apple blocking all AS29852 iCloud traffic, residential gigabit last mile provider in NYC. [ In reply to ]

nanog at nanog

Aug 18, 2023, 12:38 AM

Post #2 of 3 (92 views)

Permalink

On 18 Aug 2023, at 08:28, Eric Kuhnke <eric.kuhnke@gmail.com> wrote:

Additionally this appears to have a strong correlation with everything that is hosted by Akamai Edge. Akamai, we are a fairly mundane last mile operator…

It might be a good idea to analyze your outbound traffic in order to determine if you/your customers have DDoS-capable bots and/or abusable reflectors/amplifiers on your/their networks which are being leveraged in attacks.

Re: AKAMAI, Re: Apple blocking all AS29852 iCloud traffic, residential gigabit last mile provider in NYC. [ In reply to ]

eric.kuhnke at gmail

Aug 18, 2023, 11:20 AM

Post #3 of 3 (89 views)

Permalink

We are indeed doing so. As a symmetric gigabit and above last mile provider
(we have 2.5, 5 and 10 Gbps to the home customers in Manhattan) the very
rare instances where a customer becomes compromised or a malicious traffic
source are worse than the usual.

From a network topology perspective, and for flows, AS29852 looks a lot
like a hosting company/colo company in NYC with high throughput outbound
endpoints. But we are not, we're a condo and apartment focused last mile
provider that just happens to provide ridiculously fast speed to the
customers. In terms of abuse we have the usual ongoing issues to deal with
that are faced by any provider that operates free amenity wifi in public
spaces (roof terraces, lobbies, social rooms etc) in large condo
buildings. We have some sites that are 600 suites in one building.

We just got the following from Akamai. This present issue may have been
exacerbated by something going on inside their DNS operations.

===========

Thanks for sharing the reference error, it belongs to Thu, 17 Aug 2023
17:42:04 GMT.
The traffic was not denied here due to any security rules but there were
DNS connection issues with a set of Akamai servers in North America
yesterday and the issue was mitigated.

If you are still getting reports of any issues, please share with us.

This was a widespread incident where end-users faced connection timeouts
accessing Akamai's customer sites in North America. We can confirm that the
issue is now resolved as of 19:50 UTC on August 17, 2023 and the service
has resumed normal operations.
https://www.akamaistatus.com/incidents/jfjr19vjlb3l

On Fri, Aug 18, 2023 at 12:38?AM Dobbins, Roland <
Roland.Dobbins@netscout.com> wrote:

>
>
> On 18 Aug 2023, at 08:28, Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
>
> Additionally this appears to have a strong correlation with everything
> that is hosted by Akamai Edge. Akamai, we are a fairly mundane last mile
> operator…
>
>
> It might be a good idea to analyze your outbound traffic in order to
> determine if you/your customers have DDoS-capable bots and/or abusable
> reflectors/amplifiers on your/their networks which are being leveraged in
> attacks.
>