Many times, after running netstat on my server, I find one of IP addresses belonging to deploy.akamaitechnologies.com connected to my server, do someone has an idea on what is happening on my server ?
this is a case:
TCP xxx.xxx.xxx.xxx:49189 a184-25-107-184:http ESTABLISHED
To what could serve the port: 49189 when the source machine is running http ?
Your server is connecting to HTTP on the deploy.akamaitechnologies.com server, not the other way around. Run netstat -a -n -o on your server and see what PID (process ID) is responsible for the connection and investigate from there.
that's a dynamic port that TCP needs to make a connection, if you really want to find out more look in your apache's log grep for that IP and see what this IP is doing, block it if you have too.
Even if you turn windows updates off and remove Adobe then deploy.akamaitechnologies.com is still be called using static ip-addresses that change each time and this happens during log on and before you have a chance to run something to block them
since you don't know all the ip-addresses then its not possible to block using windows firewall and you won't find the domain name or ip-address in the registry or even in any of the files on your c-drive so someone has gone to a great deal of trouble to connect you to one of akamai servers and you can bet they are upto no good
it's my machine, i will decide who and when i make a connection and what i want to block and not spy the master general at microsoft or anyone else for that matter.
current IP's used to bypass security are
213.120.161.155 Server: AkamaiGHost 213.120.161.186 80.150.133.34 80.150.193.17 92.123.99.235
Sometime the host process is srvhost ran and ran "local" and other times it from another process ran as "system".
This may be old news by now, but I ran into the same issue as Alpha Bird and Google was not very clarifying about Akamai Technologies - only that it is seemed pretty harmless judging by the information that is available online (e.g. Wikipedia and the company website).
Anyway, Joe Qwerty's reply above put me on the right track to solve the mystery on my system, which is CentOS 6.6 by the way. On linux netstat -a -n -o --tcp --program demonstrated that the clock-applet was retrieving it's information from AKamai Technologies. Turning the clock in the task bar off made the http (port 80) connections go away. It also confirmed that it was pretty harmless, basically.
So, I've discovered that Windows 8 now apparently automatically (i.e. without asking or without one going to the Windows app store) downloads the 8.1 service pack after installing some 8.0 updates.
This download seemed to come from a-{some-numbers-and-dashes}.deploy.static.akamaitechnologies.com and took up about 3GB + 0.5 to 0.7GB (2 parts), downloading at a rate of about 10Mb/sec on my ADSL2 connection.
If you see this huge a download, and you get a 8.1 auto-install-now-yes/no notification then it looks like this is it. Thus, maybe Microsoft is using this service also.
