End User FAQ

Find the answers to some of our end users' Frequently Asked Questions.

End User FAQ

Akamai serves web content and applications for many of the world's leading enterprises and government agencies, including Apple, FedEx, Trend Micro, Yahoo, Microsoft, and over 2,800 others. We do not provide network server access to our customers, and are not an ISP who provides Internet access. All of our content delivery network (CDN) servers are designed to deliver web content and none are directly accessible by "users" or "customers". Below is some useful information that should assist in explaining why you'd see certain Akamai traffic on your computer.

If the FAQ responses and working with your internet and software suppliers do not answer your questions and you want Akamai to investigate further, send the information and contact us at the address noted below.

> My firewall has blocked Internet access to my computer on TCP Port #### from port 80 of your company's server. Why?
When you connect to a site that is "Akamaized," your browser downloads an HTML file containing embedded URLs that tell your browser that some of the objects necessary to finish displaying the page are located on Akamai servers. Next, your browser contacts an Akamai server to obtain these images or streaming content. Since the contact is made from port 80 of our server, this transaction is a legitimate HTTP connection. Generally a TCP service runs on a server on a well-known port number less than 1024; in this case the service is httpd and it runs on port 80. A client connects with a random port number greater than 1023 that is assigned by the local operating system. For example, your operating system can open up ports 1566, 1567, and 1568 to all connect to port 80 of our web server to retrieve 3 images. 

> My Firewall is reporting an "Unknown" Akamai Connection from port 443 of your server. Why?
When you connect to a site that is "Akamaized" with SSL content (Secure Sockets Layer), your browser downloads an HTML file containing embedded URLs that tell your browser that some of the objects necessary to finish displaying the page are located on Akamai servers. Next, your browser contacts an Akamai server to obtain these images or streaming content. Since the contact is made from port 443 of our server, this transaction is a legitimate HTTPS connection. Generally a TCP service runs on a server on a well-known port number less than 1024; in this case SSL service runs on port 443. A client connects with a random port number greater than 1023 that is assigned by the local operating system.

> My Firewall is reporting an "Unknown" Akamai Connection from port UDP 554. Why?
When you receive a Real stream that is served by Akamai via RTSP (Real Time Streaming Protocol), your Real Player will make contact with UDP port 554 of our server. This transaction is a legitimate RTSP connection.

> My Firewall is reporting an "Unknown" Akamai Connection from TCP Port 8080. Why?
When you receive a Real stream that is served by Akamai via HTTP (Hyper Text Transfer Protocol), your Real Player will make contact with TCP port 8080 of our server. This transaction is a legitimate HTTP connection.

> My Firewall is reporting an "Unknown" Akamai Connection from UDP source port 2000/2001 to UDP ports 6970-6999 on my system. Why are you port scanning me?
When you receive a QuickTime stream that is served by an Akamai via RTP/RTSP (Real Time Transport Protocol/Real Time Streaming Protocol), a contact will be made from UDP port 2000/2001 of our server to UDP ports 6970-6999 of the client. This transaction is a legitimate RTP/RTSP connection and should not be interpreted as a UDP port scan.

> My Firewall is reporting an "Unknown" Akamai connection from TCP source port 1755 of your server. Why?
When you receive a Microsoft Windows Media stream that is served via MMS (Microsoft Media Server Protocol), a contact will be made from source port 1755 of our server. This is a legitimate MMS (Microsoft Media Server Protocol) connection. > Why am I seeing "Contacting a###.g.akamai.net..." flash in the status bar of my browser? When you connect to a site that is "akamaized," your browser downloads an HTML file containing embedded URLs that tell your browser that some of the objects necessary to finish displaying the page are located on Akamai servers. Next, your browser contacts an Akamai server to obtain these images or streaming content. The status bar of your browser is displaying this activity.

> Our firewall has detected that Akamai-controlled IP addresses are attempting to access our IP address via a number of different ports. This seems to be an attack. What is going on?
The messages you see indicate that users behind your firewall are running the Akamai NetSession Interface. The Akamai NetSession Interface is a download manager client that is used on behalf of an Akamai customer to download software or other digital content. The Akamai NetSession Interface uses both TCP and UDP based protocols to download content and facilitate connectivity through network devices such as proxies, firewalls & NAT (network address translation) devices.

> I still have questions unanswered after completing the aforementioned recommendations, what should I do?
If after reviewing our FAQ, and working with your Internet and Software vendors, you would like Akamai to investigate the traffic you're seeing; here are the steps and information needed to provide a thorough investigation. Please collect your firewall or software logs, in a text file, containing 

  • The source IP and port 
  • Destination IP and port 
  • TCP flags 
  • And timestamp with time zone of suspicious traffic
Then, email this information to abuse@akamai.com. A dedicated team responsible for investigating, responding, and escalating reported abuse monitors this email distribution list. There is no phone escalation available, as we have found that the abuse@akamai.com list has been extremely effective in diagnosing and addressing abuse issues.