Akamai WAF
Carter Bullard
carter at qosient.com
Thu Oct 18 04:28:00 EDT 2018
Hey Monah,
The name is coming from ratop.1 doing a reverse lookup of the address from the DNS server you are configured to use. Turn off name resolution to see what IP address argus is reporting, then point your system DNS to a server that will give you local names.
Carter
Carter Bullard • CTO
150 E 57th Street Suite 12D
New York, New York 10022-2795
Phone +1.212.588.9133 • Mobile +1.917.497.9494
> On Oct 17, 2018, at 6:47 PM, Monah Baki <monahbaki at gmail.com> wrote:
>
> Hi all,
>
> We are using akamai WAF services to protect our webserver. Currently running the latest argus/client on the webserver. When running ratop, the SrcAddr shows only the akamai IP (a23-212-3-119.deploy.static.akamaitechn*) hitting our webserver.
> Akamai confirmed True-Client-IP is enabled and we should be able to see the real IP in the request header. Can I get this info when using ratop?
>
>
> Trans StartTime SrcAddr Sport sCo DstAddr Dport dCo srcUdata dstUdata
> 14 12:42:39.209029 a23-212-3-119.deploy.static.akamaitechn*.49057 US www.ntis.gov.https ZZ s[50]=............s~V-...Tl....x..`...<.#.4^.+..a ..+... d[50]=....Y...U..[.f...=...|.I....:.t..?..:Yc...& O.-G].
> 2 12:45:50.752456 a23-212-53-84.deploy.static.akamaitechn*.61219 US www.ntis.gov.https ZZ s[50]=...........g.....E{.K.:S.4..4.e.F_..^.A."Rx o#Rr&3 d[50]=....Q...M..[.g>.....*..... ....G.as.V..y..d o#Rr&3
>
>
> Thanks
> Monah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20181018/a7edeab7/attachment.html>
More information about the argus
mailing list