ASA botnet filter, akadns.org false positive?

grahamt
Level 1

I only have this particular context monitoring in this case, but if it was set to drop blacklisted packets it would be dropping all of our DNS traffic from our campus DNS servers to *.akadns.org, which seems to be an Akamai DNS infrastructure.

FYI. I guess I'll open a TAC case...

This is what concerns me about turning this on in front of our 40k users.

4 Replies

brquinn
Level 1

Did you open a TAC case? It looks like the site is not rated or categorized, but is still being blocked. I don't get a response from www.akadns.org. How is this site being used and what kind of issues is it causing in your environment?

Thanks,

Brendan

Hi. I did open a TAC case on Wednesday. It was quickly escalated and the engineer responded that he would look into it, and I haven't heard anything further.

We haven't turned on the botnet filtering for everything yet, so this was only showing up as a monitored site on the blacklist. If we were dropping it, it seems like we would have lost name resolution for Akamai sites if there were no alternative hosts attempted. We have a large Akamai cluster on our campus so there were thousands of DNS to three or four nameservers in the *.akadns.org domain. I'm not sure what the impact would have been if that had been blocked.

I also whitelisted it just to avoid any issues.

Any update to this? We are seeing the same issue from Akamai.

I believe this was resolved at the time. If you have a specific concern about a false positive, go ahead and open a case with TAC. They will need to review the website(s) and change the classification.

Regards,

Brendan
