RE: AkamaiGhost

From: Bassett, Mark (mbassett@omaha.com)
Date: Thu Oct 02 2003 - 18:20:01 EDT


Akamai hosting hosts very large sites to help load balance.

Nslookup www.microsoft.com
Name: a562.cd.akamai.net
Addresses: 81.52.248.105, 81.52.248.113, 81.52.248.96
Aliases: www.microsoft.com, www.microsoft.com.edgesuite.net

Mark Bassett
Network Administrator
World media company
Omaha.com
402-898-2079

-----Original Message-----
From: Jeremy Junginger [mailto:jj@act.com]
Sent: Wednesday, October 01, 2003 1:40 PM
To: pen-test@securityfocus.com
Subject: AkamaiGhost

I have recently stumbled across a webserver that I have not seen very
much in
the past, and would like to get some input on the architecture of the
application if any of you have seen it during your penetration testing
(feel
free to include archived pen-test/vuln-dev links) .

The webserver is AkamaiGHost, which, I think stands for Akamai Global
Host.
As I understand it, the server is an "internally developed" application
that
is designed to serve as a "geographically co-located caching server" for
your
website. Basically, they mirror your site on a server at different
ISP/POPs
to deliver the content faster from a closer location.

The host is certainly a Linux machine, as far as IP stack fingerprinting
goes, but ONLY port 80 permitted to the host (at least only TCP port 80,
I
have not yet run a UDP scan on the machine)...so it begins... :)

At any rate, I would like to know if any of you have conducted pen-tests
against such a host, and your experiences if you have. Thanks, and have
a
great day.

Oops, almost forgot, the nessus and amap scans were inconclusive (other
than
"HTTP is open"), and here is some HTML output from a few
requests...nothing
too great...just 400 responses :)

HEAD / HTTP/1.0 yields the following:

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 132
...
Connection: close

GET /stuff /HTTP/1.0 gets the following response:

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 136
...
Connection: close

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#47;stuff", is invalid.<p>
</BODY></HTML>

Thoughts?

-Jeremy

This e-mail message and all attachments transmitted with it may be
confidential
and are intended solely for the addressee(s). If you are not the
intended recipient
or the person responsible for delivering it to the intended recipient,
you are
hereby notified that any reading, dissemination, distribution, copying,
or other
use of this message or its attachment(s) is strictly prohibited. If you
receive
this email in error, please immediately notify the sender of the message
or
Best Software, Inc. by e-mailing postmaster@bestsoftware.com and destroy
all copies
of this message. Best Software, for the protection of our internal
systems and
those of our customers, does block most email attachments.

------------------------------------------------------------------------

---
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT