case study: time line of ddos campaigns against mit issue date · signatures from other ddos attack...
TRANSCRIPT
1
CaseStudy:Time LineofDDoScampaignsagainstMITAuthoredbyWilberMejia,AkamaiSIRT
1.0/OVERVIEW/This publicationdetailsaseriesofDDoSattackcampaignsagainsttheMIT(MassachusettsInstituteofTechnology)network.Sofarin2016,MIThasreceivedmorethan35DDoScampaignsagainstseveraldifferenttargetswhichhavebeenmitigatedbyatleastoneofourcloudsolutions.
FurtherinvestigationbyAkamaiSecurity Intelligence Response Team (SIRT) revealedthatcloseto43%ofattackvectorsleveragedduringthesecampaignsincludedDDoSreflectionandamplification.ThefullvectorlistconsistedofACK,CHARGEN,DNS,GET,ICMP,NTP,NETBIOS,RESERVEprotocol,SNMP,SSDP,SYN,TCPanomaly,UDP,andUDPFRAGMENTfloods.AttackerstargetedmultipledestinationIPswithintheMITnetworkduringthecampaigns.AttacksoriginatedfromacombinationofdevicesvulnerabletoreflectionabuseandspoofedIPsources.ThefullvectordistributionbreakdownforallattacksislistedinFigure4.
TheanalysisisbasedonfingerprintedsignaturescollectedfromattackreportsaswellasthesourceIPsfromourmitigationdevices.Thelargestattackcampaignpeakedat295Gbpsand consistedofonlyaUDPfloodattackvector.Priortothat,thelargestattackpeakedat89.35 GbpsusingacombinationofUDPflood,DNSflood,andUDPfragmentattackvectors.Duringthiscampaign,attackerstargetedatotalofthreedestinationIPaddresses.Theseattacktypeshavecommonlybeenincludedinsitesofferingso-calledbooterorstresserservices.
UDPandDNSreflectionsattackvectorsgeneratedthemajorityofattacktrafficfromtheinvestigatedcampaigns.However,onMay6, 2015,MITexperiencedaverylargeDDoScampaignwhichincludedaspecificpaddedSYNflood.Additionalinformationsurroundingthiscampaignisdescribedinmoredetailwithinthe2015attackssectionoftheStateoftheInternet-SecurityReport.
2.0/HIGHLIGHTEDATTACKCAMPAIGNATTRIBUTES/AlthoughXorDDoSBOTNETattackswerepersistent,theydidnotproducethelargestamountofmalicioustrafficagainstMIT.Asmentionedpreviously,thelargestattackpeakedat295Gbps|58.6Mppswhiletheattackpeakedat89.35Gbps|8.37Mpps.Thelatterattackwaslaunchedusingattacksandtoolscommonlyofferedinbooter/stressersuites.The295GbpsattackwascomprisedofaspecificUDPfloodsignaturewhichisbelievedtobepartofamalwarevariantknownasSTD/Kaiten.AnongoinginvestigationisbeingconductedbyAkamaiSIRTregardingthismalware.Listedbelowaresomecampaignhighlights:
TLP:WHITE
IssueDate:7.22.2016
2
LARGESTATTACKCAMPAIGN ● EventTimeStart:June7,201622:48:55UTC● EventTimeEnd:June8,201617:04:04UTC● Peakbandwidth:295Gigabitspersecond● Peakpacketspersecond:58.6MillionPacketspersecond● AttackVector:UDPFlood,UDPFragment,DNSFlood● Sourceport:randomized● Destinationport:80
UDPFlood: 22:48:55.057813IPx.x.x.x.48679>x.x.x.x.80:UDP,length600 22:48:55.057815IPx.x.x.x.46076>x.x.x.x.80:UDP,length600 22:48:55.057819IPx.x.x.x.34698>x.x.x.x.80:UDP,length600 22:48:55.057848IP181.136.97.12.34161>x.x.x.x.80:UDP,length600 22:48:55.057853IP181.136.97.12.34161>x.x.x.x.80:UDP,length600 22:48:55.057863IP201.232.6.199.44219>x.x.x.x.80:UDP,length600
23:58:08.871990IPx.x.x.x.4751>x.x.x.x.80:UDP,length1 23:58:08.871999IPx.x.x.x.4751>x.x.x.x.80:UDP,length1 23:58:08.872005IPx.x.x.x.4751>x.x.x.x.80:UDP,length1 23:58:08.872011IPx.x.x.x.4751>x.x.x.x.80:UDP,length1 23:58:08.872014IPx.x.x.x.4751>x.x.x.x.80:UDP,length1 23:58:08.875194IPx.x.x.x.4751>x.x.x.x.80:UDP,length1 Figure1:LargestdocumentedUDPFloodcampaignagainstMIT
SECOND-LARGESTATTACKCAMPAIGN
● EventTimeStart:April2,201604:17:00UTC● EventTimeEnd:April2,201614:45:11UTC● Peakbandwidth:89.35Gigabitspersecond● Peakpacketspersecond:8.37MillionPacketspersecond● AttackVector:UDPFlood,UDPFragment,DNSFlood● Sourceport:53,randomized● Destinationport:randomized
UnlikeXor,thesekindsofattacksaremoreaccessibletoamuchlargerpopulationofmaliciousactors.Thefact,isalmostanyonewithmotivationandenoughknowledgetodeterminetheIPoftheirtargetcanlaunchtheseattacksatlowcost.ArecentlookatpricingonpopularsitesofferingDDoS“stresser”servicesshowthis attackcanbeperformedforaslittleas$19.99USD/month.
3
Figure2:Examplebootersitepricingplans
Figure3containsall oftheattacksignaturesusedinthespecifiedDDoSattack.Inparticular,thesignaturerevealsthedomainsabusedfor theamplificaitonofattackreponsesincludedcpsc.govandisc.org.Inaddition,thesedomainsmakeuseofDNSSEC.ArecentAkamaiSIRTadvisorydetailstheincreasesinuseofDNSSEC-poweredreflectionattacks.TheseDNSattackshavebeenwidespreadacrossmultipleindustriesincludinggamingandfinancialservices.Thedomainownersthemselvesarenotatfaultanddon'tfeeltheeffectsoftheseattacks.AttackersabuseopenresolversbysendingabarrageofspoofedDNSquerieswheretheIPsourceissettobetheMITtargetIP.Mostoftheseserverswillcachetheinitialresponsesomultiplequeriesarenotmadetotheauthoritativenameservers.
DNSreflectionflood 04:17:11.736254IPx.x.x.x.53>x.x.x.x6007:45488|22/0/0DNSKEY,AAAA2600:803:240::2,A63.74.109.2,TXT"v=spf1ip4:63.74.109.6ip4:x.x.x.xip4:x.x.x.xmxa:REDACTED
04:17:11.736257IPx.x.x.x.53>x.x.x.x.30267:43542/2/0NSREDACTED.(105)
04:17:11.736276IPx.x.x.x.53>x.x.x.x7519:45488|22/0/0Type51,RRSIG,DNSKEY,DNSKEY,DNSKEY,DNSKEY[|domain]
04:17:11.736287IPx.x.x.x.53>x.x.x.x.44609:4354|22/0/0RRSIG,A63.74.109.2,TXT"v=spf1
04:20:08.919421IPx.x.x.x.53>x.x.x.x.51286:5215613/4/2SPF,DNSKEY,DNSKEY,NAPTR,TXT"v=spf1amxip4:x.x.x.x/21ip4:x.x.x.x/16ip6:2001:04F8::0/32ip6:xxx:xxx:xx::xx/128~all",REDACTED
04:20:08.920044IPx.x.x.x.53>x.x.x.x.15097:6481213/4/2MX)REDACTED
UDPfragmentflood 04:17:11.736255IPx.x.x.x>x.x.x.x:udp 04:17:11.736279IPx.x.x.x>x.x.x.x:udp 04:32:25.135792IPx.x.x.x>x.x.x.x:udp 04:32:25.135794IPx.x.x.x>x.x.x.x:udp Figure3:Second-largestdocumentedDNSreflectioncampaignagainstMIT
AllthreeidentifiedsignaturesarerelatedtotheuseofDNSreflectionandamplification.Thelargestresponsesizeofdomainsusedintheattackarelargerthan4,000bytes.ThiscausesfragmentedUDPresponsesduetosurpassingtheMTUsizelimit.Inaddition,theopenresolversatsomepointresponded
4
onrandomsourceports,creatingwhatappearedtobeaUDPflood.ThisfloodcontainedpartsoftheDNSresponsesaswell.
3.0/SAMPLESIGNATURESFROMALLATTACKCAMPAIGNS/InFigure4wehaveincludedattacksignaturesfromotherDDoSattackcampaignslaunchedagainstMIT.Someoftheseareattributedtospecificattacktoolsormalwareasnotedwithintheassociatedheading.Allofthereflectionattacksincludedtypicallyhaveknownattackscriptsnamedaftertheprotocolbeingabusedforreflection.AkamaiSIRThasidentifiedseveral attack scriptsbasedonactivereflectedDDoScampaignsmitigatedthroughouttheyears.
tcpanomaly(noflagflood) 06:16:47.376148IPx.x.x.x.14009>x.x.x.x.63774:Flags[],win16384,length0 06:16:47.376167IPx.x.x.x.42368>x.x.x.x.14547:Flags[],win16384,length0
udpflood 00:09:07.369811IPx.x.x.x.54235>x.x.x.x.80:UDP,length1 00:09:07.369815IPx.x.x.x.34839>x.x.x.x.80:UDP,length1
udpflood-ValveSourceEngineserverattack 05:12:50.302018IPx.x.x.x.10900>x.x.x.x.80:UDP,length25 .e..E(.5......7F.,1...4Z*..P.!......TSourceEngineQuery. 05:12:50.302023IPx.x.x.x.50567>x.x.x.x.80:UDP,length25 .e..E(.5/.............4Z...P.!......TSourceEngineQuery.
udpflood-KaitenIRCbot 01:21:07.454468IPx.x.x.x.48969>x.x.x.x.80:UDP,length50 ....E..NkI@.=...mW....4d.I.P.:..std.PRIVMSG%s:[STD]Donehitting%s! ..PRIVMSG%s 01:21:07.454578IPx.x.x.x.45279>x.x.x.x.80:UDP,length50 ....E..N..@.:.&.[..k..4d...P.:.gstd.PRIVMSG%s:[STD]Donehitting%s! ..PRIVMSG%s reservedprotocolflood 09:05:17.104369IPx.x.x.x>x.x.x.x:ip-proto-25540 09:05:17.104391IPx.x.x.x>x.x.x.x:ip-proto-25540
icmpflood 05:56:30.132249IPx.x.x.x>x.x.x.x:ICMPechorequest,id0,seq0,length1052 05:56:30.132318IPx.x.x.x>x.x.x.x:ICMPechorequest,id0,seq0,length33 05:56:30.132327IPx.x.x.x>x.x.x.x:ICMPechorequest,id0,seq0,length33
ackflood 21:26:26.747124IPx.x.x.x.1313>x.x.x.x.64:.ack1599122023win65535 21:26:26.747126IPx.x.x.x.1299>x.x.x.x.54:.ack2431016982win65535
synflood 19:41:27.945435IPx.x.x.x.30739>x.x.x.x.80:Flags[S],seq3212705792,win0,length0 19:41:27.945449IPx.x.x.x.14150>x.x.x.x.80:Flags[S],seq2408579072,win0,length0
04:00:29.021344IPx.x.x.x.834>x.x.x.x.80:Flags[S],seq674742734,win16384,length0 04:00:29.021350IPx.x.x.x.834>x.x.x.x.80:Flags[S],seq674742744,win16384,length0
5
synflood-dominateattackscript 22:46:18.939811IPx.x.x.x.50991>x.x.x.x.80:Flags[SEW],seq2223243264,win65535,length0 22:46:18.939817IPx.x.x.x.5076>x.x.x.x.80:Flags[SEW],seq3714842624,win65535,length0
Reflectionbasedattacks(notincludingDNS)
ntpflood 03:10:07.762377IPx.x.x.x.123>x.x.x.x.59007:NTPv2,Reserved,length440 03:10:07.762520IPx.x.x.x.123>x.x.x.x.3955:NTPv2,Reserved,length440
ssdpflood 04:32:27.704362IPx.x.x.x.1900>x.x.x.x.80:UDP,length326 04:32:27.704387IPx.x.x.x.1900>x.x.x.x.80:UDP,length314 04:32:27.704411IPx.x.x.x.1900>x.x.x.x.80:UDP,length268 04:32:27.704436IPx.x.x.x.1900>x.x.x.x.80:UDP,length268 04:32:27.704461IPx.x.x.x.1900>x.x.x.x.80:UDP,length290
snmpflood 00:37:05.109903IPx.x.x.x.161>x.x.x.x.80:[len1468x.x.x.x.80:[len1468.U.....P...0.......public.....S.........0..0-..+........!EdgeOSv1.7.0.4783374.150622.15340...+........ ..+.......C..0........C.SD.h0...+........."[email protected]"0...+.........router-sflanxxxx...+........
chargenflood 16:11:12.127001IPx.x.x.x>x.x.x.x:udp [email protected]_STUVWX pqrstuvwxyz{|}!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXY qrstuvwxyz{|}!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ rstuvwxyz{|}!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[ stuvwxyz{|}!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\ tuvwxyz{|}!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\] uvwxyz{|}!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^ vwxyz{|}!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ wxyz{|}!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_` xyz{|}!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a
netbiosflood 15:41:44.528687IPx.x.x.x.137>x.x.x.x.80:NBTUDPPACKET(137):QUERY;POSITIVE;RESPONSE;UNICAST 15:41:44.528706IPx.x.x.x.137>x.x.x.x.80:NBTUDPPACKET(137):QUERY;POSITIVE;RESPONSE;UNICAST Figure4:Attack-signaturesamplesforcampaignslaunchedagainstMIT
BetweenthetimeframeofAugust2013-April2016,MIThasreceivedatotalof74DDoScampaignswithacombinationof121attackvectors.InFigure5weseethebreakdownofallthevectorsleveraged.
6
Figure5:Attackvectorpercentagebreakdown
Agoodportionoftheseattacksusedreflection-basedattackvectors.Thesereflectorsarenotnecessarilyownedoracquiredbythemaliciousactors,rathertheyareabusedforuseintheseattacks.ForattacksagainstMIT,thereflectorpopulationwasmostlyconcentratedinChina.InFigure6,thedistributionshownisbasedon18,825uniquesourcesofreflectorsobservedduringMITattacksandtheircountryoforigin.Chinaalonehadthehighestnumberofreflectorsforasinglecountryinrelationtoallothercountrieswherereflectorsweresourced.
Figure6:Distributionofreflectorswhichtotaled18,825uniquesources
7
4.0/ATTACKCAMPAIGNSIN2015/In2015,30DDoScampaignsweredetectedandmitigatedoverourdistributedscrubbingcenters.OneofthelargestDDoSattackcampaignsoccurredonMay5,2015consistingofanXorbotnetSYNFlood.
● EventTimeStart:May5,201500:00:00UTC● EventTimeEnd:May6,201501:16:48UTC● Peakbandwidth:41.5Gigabitspersecond● Peakpacketspersecond:5.5MillionPacketspersecond● AttackVector:SYNFlood● Sourceport:Random● Destinationport:80
ThisvectorisconfirmedtobeproducedbytheXorDDoSmalware.Thiswasthelastofaseriesof4attacksfromthisbotnet.AlaterattackfollowedinDecember.InparticularthemalwareisofChineseorigin.AttacksmatchingthispayloadhavemostlytargetedorganizationsinAsia.ThefewcasesofattacksoutofAsiaindicatethebotnetwasundercontrolbymaliciousactorsoperatingoutofChina.ThisbotnetwasbelievedtohavebeentakendownfollowingreportsofarrestsmadeinChinaregardingtheuseofthebotnetinattacks.
Althoughattacksdidstopshortlyafterthosereports,someattacksusingthismalwarearestartingtooccuragainthisyear,althoughatamuchlowerbandwidthpeaks.Figure7providesbandwidthandtimelineofXor-specificattacks.ThebotnetattacksconsistedofSYNfloodtraffic.
Fig7-xorattacktimelinewithpeakGbpsandMpps
5.0/ATTACKTOOLS-XORDDOSANDOTHERS/AkamaiSIRTwasabletoobtainandanalyzeasampleofthexorDDoSmalwaresampleusedintheSYNfloodattackcampaignagainstMIT.AfullcopyoftheXorDDoSthreatadvisorycanbefoundhere.
8
Thefollowingrepresentsapacketsampleasseeninthewiresharkprotocolanalysistool.Thecharacteristicsobservedmatchedexactlywiththexorpayloadattacks.
Figure8:Xorpacketsamplewith3flagsset.
XORSYNFlood 07:43:00.790843IPx.x.x.x.29868>x.x.x.x.80:Flags[S],seq1957463376:1957464272,win65535,length89607:43:00.790843IPx.x.x.x.63903>x.x.x.x.80:Flags[S],seq4188011121:4188012017,win65535,length89607:43:00.790844IPx.x.x.x.44652>x.x.x.x.80:Flags[S],seq2926328590:2926329486,win65535,length89607:43:00.790846IPx.x.x.x.14450>x.x.x.x.80:Flags[S],seq947050872:947051768,win65535,length89607:43:00.847578IPx.x.x.x.52587>x.x.x.x.80:Flags[S],seq3446345520:3446346416,win65535,length89607:43:00.847579IPx.x.x.x.36150>x.x.x.x.80:Flags[SE],seq2369138793:2369139689,win65535,length89607:43:00.847579IPx.x.x.x.25421>x.x.x.x.80:Flags[S],seq1666031903:1666032799,win65535,length89607:43:00.847581IPx.x.x.x.18694>x.x.x.x.80:Flags[SE],seq1225191529:1225192425,win65535,length89607:43:00.847581IPx.x.x.x.45937>x.x.x.x.80:Flags[SW],seq3010528554:3010529450,win65535,length89607:43:00.847582IPx.x.x.x.20853>x.x.x.x.80:Flags[SEW],seq1366671372:1366672268,win65535,length89607:43:00.847582IPx.x.x.x.7638>x.x.x.x.80:Flags[SEW],seq500597574:500598470,win65535,length896
Fig9-Attackpayloadtrafficsamples-XorSYNflood
TheintentionofthemalwarecreatorwastocreateapaddedSYNflood.Insomecases,variousotherflagsareappliedtotheTCPheader.TheextraflagsthatoccurareduetoerrorsintheconstructionoftheTCPheader.TheTCPheaderoptionsarealwaysstaticbutaresometimesplacedinthewronglocationsduetoheadersizecalculationerrors.
Asidefromthexormalware,mostoftheattackscriptsavailablearewrittenintheCprogramminglanguage.ThevariousSYNfloodattackscriptsseemtobebasedonorsharethesamecode.Thesearethetypesofattackstypicallyavailableonbooter/stressersites.CommonSYNfloodscriptsincludeESYN,XSYN,andDOMINATE.OneobviousexampleofsharedorreusedcodeisobservedinacommentwithintheDOMINATEscript.Figure10containsthecommentfoundinoneofthescripts,indicatinghowsimilartheseare.
9
/*"DOMINATE"AttackScript,thisscriptwassodifficulttomake,itrequiredtakingtheverypublicESSYN attackscript,andreplacing"tcph->res2=1;"to"tcph->res2=3;"inthe"setup_tcp_header"function. Anybodywhopurchasedthisscriptfor$300BTC,yup,it'sliterallychanginga1toa3.
Leaked/MadebyAndyQuez,Arealmexianhero. */ Figure10:DOMINATEattackscriptcommentindicatingcodere-use.
Inaddition,allscriptsrandomlygeneratespoofedsourceaddressesandinmostcasesrandomizesourceports.
For UDP-based reflection attacks, the various attack script code also borrows from other reflectionattack scripts. For example, in the next figure themost common change is the request payload anddestinationport.
SSDPattackscriptquery: udph->dest=htons(1900); udph->check=0; strcpy((void*)udph+sizeof(structudphdr),"M-SEARCH*HTTP/1.1\r\nHost:239.255.255.250:1900\r\nST:ssdp:all\r\nMan:\"ssdp:discover\"\r\nMX:3\r\n\r\n");
Netbiosattackscriptquery: udph->dest=htons(137); udph->check=0; memcpy((void*)udph+sizeof(structudphdr),"\xe5\xd8\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x20\x43\x4b\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x00\x00\x21\x00\x01",50); Figure11:SSDPandNetbiosreflectionscriptpayloadsections.
6.0/CONCLUSION/Whileanalyzingattacks,itisusuallyverydifficulttoobtainattribution.InthecaseofXor,it'spossiblethatthisbotnetwasunderthecontrolofagroupinChinaasperthearrestsinthisreport.Noattacksfromxorwereobservedduringaperiodoftimefollowingthisnews.Otherattackmethods,mostlyavailableinbootersites,addalargerpoolofpotentialactors.Asmoredataiscollectedfromattacks,itmaybepossibletonarrowitdownfurtherbybootersite.AkamaiSIRTwillprovideupdatesasavailable.
CustomerswhobelievetheyareatriskandneedadditionaldirectioncancontactAkamaidirectlythroughCCareat1-877-4-AKATEC(U.S.AndCanada)or617-444-4699(International),theirEngagementManager,ortheiraccountteam.
Toaccessotherwhitepapers,threatadvisoriesandsecurityresearchpublications,pleasevisitourSecurityResearchandIntelligencesectiononAkamaiCommunity.
10
AboutAkamaiSecurityIntelligenceResponseTeam(SIRT)Focusesonmitigatingmaliciousglobalcyberthreatsandvulnerabilities,theAkamaiSecurityIntelligenceResponseTeam(SIRT)conductsandsharesdigitalforensicsandpost-eventanalysiswiththesecuritycommunitytoproactivelyprotectagainstthreatsandattacks.Aspartofitsmission,theAkamaiSIRTmaintainsclosecontactwithpeerorganizationsaroundtheworldandtrainsAkamai’sProfessionalServicesandCustomerCaretramtobothrecognizeandcounterattacksfromawiderangeofadversies.TheresearchperformedbytheAkamaiSIRTisintendedtohelpensureAkamai’scloudsecurityproductsarebestofbreedandcanprotectagainstanyofthelatestthreatsimpactingtheindustry.
AboutAkamaiAsthegloballeaderinContentDeliveryNetwork(CDN)services,AkamaimakestheInternetfast,reliableandsecureforitscustomers.Thecompany'sadvancedwebperformance,mobileperformance,cloudsecurityandmediadeliverysolutionsarerevolutionizinghowbusinessesoptimizeconsumer,enterpriseandentertainmentexperiencesforanydevice,anywhere.TolearnhowAkamaisolutionsanditsteamofInternetexpertsarehelpingbusinessesmovefasterforward,pleasevisitwww.akamai.comorblogs.akamai.com,andfollow@AkamaionTwitter.
AkamaiisheadquartedinCambridge,MassachusettsintheUnitedStatswithoperationsinmorethan40officesaroundtheworld.OurservicesandrenowenedcustomercareenablebusinessestoprovideanunparalleledInternetexperiencefortheircustomersworldwide.Addresses,phonenumbersandcontactinformationforalllocationsarelistedonwww.akamai.com/locations
©2016AkamaiTechnologies,Inc.AllRightsReserved.Reproductioninwholeorinpartinanyformormediumwithoutexpresswrittenpermissionisprohibited.AkamaiandtheAkamaiwavelogoareregisteredtrademarks.Othertrademarkscontainedhereinarethepropertyoftheirrespectiveowners.Akamaibelievesthattheinformationinthispublicationisaccurateofit’spublicationdate;suchinformationissubjecttochangewithoutnotice.Published07/16