Apple blocking all AS29852 iCloud traffic, residential gigabit last mile provider in NYC.
We have just seen a complete cut off of iCloud and Apple TV traffic and functionality at AS29852. AS29852 (Honest) is a specialist in apartment and condominium building symmetric gigabit and above residential last Mile access, based in the New York city, Jersey City, and Connecticut region. All of the IP space that we announce to our peers and upstreams is used for either residential last mile purposes, or small to medium size business DIA last mile. A very high percentage of our customer base are avid paying iCloud users. If anybody at Apple is paying attention to the list, or can reach out to me directly, I am happy to provide additional information.
I am directly in contact with the right people and team now. On Thu, Aug 17, 2023, 3:53 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
We have just seen a complete cut off of iCloud and Apple TV traffic and functionality at AS29852.
AS29852 (Honest) is a specialist in apartment and condominium building symmetric gigabit and above residential last Mile access, based in the New York city, Jersey City, and Connecticut region.
All of the IP space that we announce to our peers and upstreams is used for either residential last mile purposes, or small to medium size business DIA last mile.
A very high percentage of our customer base are avid paying iCloud users.
If anybody at Apple is paying attention to the list, or can reach out to me directly, I am happy to provide additional information.
Additionally this appears to have a strong correlation with everything that is hosted by Akamai Edge. Akamai, we are a fairly mundane last mile operator... On Thu, Aug 17, 2023, 4:58 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
I am directly in contact with the right people and team now.
On Thu, Aug 17, 2023, 3:53 PM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
We have just seen a complete cut off of iCloud and Apple TV traffic and functionality at AS29852.
AS29852 (Honest) is a specialist in apartment and condominium building symmetric gigabit and above residential last Mile access, based in the New York city, Jersey City, and Connecticut region.
All of the IP space that we announce to our peers and upstreams is used for either residential last mile purposes, or small to medium size business DIA last mile.
A very high percentage of our customer base are avid paying iCloud users.
If anybody at Apple is paying attention to the list, or can reach out to me directly, I am happy to provide additional information.
On 18 Aug 2023, at 08:28, Eric Kuhnke <eric.kuhnke@gmail.com> wrote: Additionally this appears to have a strong correlation with everything that is hosted by Akamai Edge. Akamai, we are a fairly mundane last mile operator… It might be a good idea to analyze your outbound traffic in order to determine if you/your customers have DDoS-capable bots and/or abusable reflectors/amplifiers on your/their networks which are being leveraged in attacks.
From a network topology perspective, and for flows, AS29852 looks a lot
We are indeed doing so. As a symmetric gigabit and above last mile provider (we have 2.5, 5 and 10 Gbps to the home customers in Manhattan) the very rare instances where a customer becomes compromised or a malicious traffic source are worse than the usual. like a hosting company/colo company in NYC with high throughput outbound endpoints. But we are not, we're a condo and apartment focused last mile provider that just happens to provide ridiculously fast speed to the customers. In terms of abuse we have the usual ongoing issues to deal with that are faced by any provider that operates free amenity wifi in public spaces (roof terraces, lobbies, social rooms etc) in large condo buildings. We have some sites that are 600 suites in one building. We just got the following from Akamai. This present issue may have been exacerbated by something going on inside their DNS operations. =========== Thanks for sharing the reference error, it belongs to Thu, 17 Aug 2023 17:42:04 GMT. The traffic was not denied here due to any security rules but there were DNS connection issues with a set of Akamai servers in North America yesterday and the issue was mitigated. If you are still getting reports of any issues, please share with us. This was a widespread incident where end-users faced connection timeouts accessing Akamai's customer sites in North America. We can confirm that the issue is now resolved as of 19:50 UTC on August 17, 2023 and the service has resumed normal operations. https://www.akamaistatus.com/incidents/jfjr19vjlb3l On Fri, Aug 18, 2023 at 12:38 AM Dobbins, Roland < Roland.Dobbins@netscout.com> wrote:
On 18 Aug 2023, at 08:28, Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
Additionally this appears to have a strong correlation with everything that is hosted by Akamai Edge. Akamai, we are a fairly mundane last mile operator…
It might be a good idea to analyze your outbound traffic in order to determine if you/your customers have DDoS-capable bots and/or abusable reflectors/amplifiers on your/their networks which are being leveraged in attacks.
participants (2)
-
Dobbins, Roland -
Eric Kuhnke