I recently found out that the Adobe Flash Media Server (FMS) can operate "out of the box" as an open proxy, enabling other people to steal server resources and bandwidth. Furthermore, I also found that there is an ecosystem of pirates taking advantage of this "feature" to illegally stream sports events (and maybe other stuff as well). Each event uses multiple (stolen) servers and can amount to thousands of streams and Gbps of consumed bandwidth. I believe but am not 100% sure that there are similar problems with Window Media Servers. I would like to hear (off-list) from people who have experience fighting this so that we could maybe pool techniques. I will try to write this up further later. Regards Marshall Eubanks
Hmmmm.. This is most interesting. Have you spoken with Adobe about the issue? I don't have an immediate handle on how they have reacted to security issues in the past. Sane defaults would be nice. :( You might want to ping Akami as they have substantial operational experience with flash media server. I look forward to a writeup on the topic. On Dec 3, 2009, at 9:45 AM, Marshall Eubanks wrote:
I recently found out that the Adobe Flash Media Server (FMS) can operate "out of the box" as an open proxy, enabling other people to steal server resources and bandwidth. Furthermore, I also found that there is an ecosystem of pirates taking advantage of this "feature" to illegally stream sports events (and maybe other stuff as well). Each event uses multiple (stolen) servers and can amount to thousands of streams and Gbps of consumed bandwidth.
I believe but am not 100% sure that there are similar problems with Window Media Servers.
I would like to hear (off-list) from people who have experience fighting this so that we could maybe pool techniques. I will try to write this up further later.
Regards Marshall Eubanks
Marshall, Did you find out via published article, or your own research? Either way I'd like (if you don't mind) more information on this so I can investigate what impact there may be on our systems. Thanks! Marshall Eubanks wrote:
I recently found out that the Adobe Flash Media Server (FMS) can operate "out of the box" as an open proxy, enabling other people to steal server resources and bandwidth. Furthermore, I also found that there is an ecosystem of pirates taking advantage of this "feature" to illegally stream sports events (and maybe other stuff as well). Each event uses multiple (stolen) servers and can amount to thousands of streams and Gbps of consumed bandwidth.
I believe but am not 100% sure that there are similar problems with Window Media Servers.
I would like to hear (off-list) from people who have experience fighting this so that we could maybe pool techniques. I will try to write this up further later.
Regards Marshall Eubanks
-- -"Prediction is very difficult, especially about the future." -Niels Bohr -- Ray Sanders Linux Administrator Village Voice Media Office: 602-744-6547 Cell: 602-300-4344
On Dec 3, 2009, at 1:09 PM, Ray Sanders wrote:
Marshall,
Did you find out via published article, or your own research? Either way I'd like (if you don't mind) more information on this so I can investigate what impact there may be on our systems.
Via a DMCA take-down letter for a Cricket match that was sent to AmericaFree.TV, and subsequent research into what was going on. Regards Marshall
Thanks!
Marshall Eubanks wrote:
I recently found out that the Adobe Flash Media Server (FMS) can operate "out of the box" as an open proxy, enabling other people to steal server resources and bandwidth. Furthermore, I also found that there is an ecosystem of pirates taking advantage of this "feature" to illegally stream sports events (and maybe other stuff as well). Each event uses multiple (stolen) servers and can amount to thousands of streams and Gbps of consumed bandwidth.
I believe but am not 100% sure that there are similar problems with Window Media Servers.
I would like to hear (off-list) from people who have experience fighting this so that we could maybe pool techniques. I will try to write this up further later.
Regards Marshall Eubanks
-- -"Prediction is very difficult, especially about the future." -Niels Bohr -- Ray Sanders Linux Administrator Village Voice Media Office: 602-744-6547 Cell: 602-300-4344
participants (3)
-
Charles Wyble
-
Marshall Eubanks
-
Ray Sanders