Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NANOG: users

Flash Media Servers as Open Proxies

  

 
NANOG users RSS feed   Index | Next | Previous | View Threaded


tme at americafree

Dec 3, 2009, 9:45 AM

Post #1 of 4 (448 views)
Permalink
Flash Media Servers as Open Proxies
I recently found out that the Adobe Flash Media Server (FMS) can
operate "out of the box"
as an open proxy, enabling other people to steal server resources and
bandwidth. Furthermore,
I also found that there is an ecosystem of pirates taking advantage of
this "feature" to
illegally stream sports events (and maybe other stuff as well). Each
event uses multiple (stolen)
servers and can amount to thousands of streams and Gbps of consumed
bandwidth.

I believe but am not 100% sure that there are similar problems with
Window Media Servers.

I would like to hear (off-list) from people who have experience
fighting this so that we could
maybe pool techniques. I will try to write this up further later.

Regards
Marshall Eubanks


charles at thewybles

Dec 3, 2009, 9:59 AM

Post #2 of 4 (426 views)
Permalink
Re: Flash Media Servers as Open Proxies [In reply to]
Hmmmm..

This is most interesting. Have you spoken with Adobe about the issue? I don't have an immediate handle on how they have reacted to security issues in the past.
Sane defaults would be nice. :(

You might want to ping Akami as they have substantial operational experience with flash media server.

I look forward to a writeup on the topic.


On Dec 3, 2009, at 9:45 AM, Marshall Eubanks wrote:

> I recently found out that the Adobe Flash Media Server (FMS) can operate "out of the box"
> as an open proxy, enabling other people to steal server resources and bandwidth. Furthermore,
> I also found that there is an ecosystem of pirates taking advantage of this "feature" to
> illegally stream sports events (and maybe other stuff as well). Each event uses multiple (stolen)
> servers and can amount to thousands of streams and Gbps of consumed bandwidth.
>
> I believe but am not 100% sure that there are similar problems with Window Media Servers.
>
> I would like to hear (off-list) from people who have experience fighting this so that we could
> maybe pool techniques. I will try to write this up further later.
>
> Regards
> Marshall Eubanks
>


ray.sanders at villagevoicemedia

Dec 3, 2009, 10:09 AM

Post #3 of 4 (428 views)
Permalink
Re: Flash Media Servers as Open Proxies [In reply to]
Marshall,

Did you find out via published article, or your own research?

Either way I'd like (if you don't mind) more information on this so I
can investigate what impact there may be on our systems.


Thanks!

Marshall Eubanks wrote:
> I recently found out that the Adobe Flash Media Server (FMS) can
> operate "out of the box"
> as an open proxy, enabling other people to steal server resources and
> bandwidth. Furthermore,
> I also found that there is an ecosystem of pirates taking advantage of
> this "feature" to
> illegally stream sports events (and maybe other stuff as well). Each
> event uses multiple (stolen)
> servers and can amount to thousands of streams and Gbps of consumed
> bandwidth.
>
> I believe but am not 100% sure that there are similar problems with
> Window Media Servers.
>
> I would like to hear (off-list) from people who have experience
> fighting this so that we could
> maybe pool techniques. I will try to write this up further later.
>
> Regards
> Marshall Eubanks
>
>


--
-"Prediction is very difficult, especially about the future."
-Niels Bohr
--
Ray Sanders
Linux Administrator
Village Voice Media
Office: 602-744-6547
Cell: 602-300-4344


tme at americafree

Dec 3, 2009, 10:22 AM

Post #4 of 4 (422 views)
Permalink
Re: Flash Media Servers as Open Proxies [In reply to]
On Dec 3, 2009, at 1:09 PM, Ray Sanders wrote:

> Marshall,
>
> Did you find out via published article, or your own research?
> Either way I'd like (if you don't mind) more information on this so
> I can investigate what impact there may be on our systems.
>

Via a DMCA take-down letter for a Cricket match that was sent to
AmericaFree.TV, and subsequent research into what was going on.

Regards
Marshall

>
> Thanks!
>
> Marshall Eubanks wrote:
>> I recently found out that the Adobe Flash Media Server (FMS) can
>> operate "out of the box"
>> as an open proxy, enabling other people to steal server resources
>> and bandwidth. Furthermore,
>> I also found that there is an ecosystem of pirates taking advantage
>> of this "feature" to
>> illegally stream sports events (and maybe other stuff as well).
>> Each event uses multiple (stolen)
>> servers and can amount to thousands of streams and Gbps of consumed
>> bandwidth.
>>
>> I believe but am not 100% sure that there are similar problems with
>> Window Media Servers.
>>
>> I would like to hear (off-list) from people who have experience
>> fighting this so that we could
>> maybe pool techniques. I will try to write this up further later.
>>
>> Regards
>> Marshall Eubanks
>>
>>
>
>
> --
> -"Prediction is very difficult, especially about the future."
> -Niels Bohr
> --
> Ray Sanders
> Linux Administrator
> Village Voice Media
> Office: 602-744-6547
> Cell: 602-300-4344
>
>

NANOG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.