Flash Media Servers as Open Proxies

Charles Wyble charles at thewybles.com
Thu Dec 3 17:59:20 UTC 2009


Hmmmm..

This is most interesting. Have you spoken with Adobe about the issue? I don't have an immediate handle on how they have reacted to security issues in the past. 
Sane defaults would be nice. :( 

You might want to ping Akami as they have substantial operational experience with flash media server. 

I look forward to a writeup on the topic. 


On Dec 3, 2009, at 9:45 AM, Marshall Eubanks wrote:

> I recently found out that the Adobe Flash Media Server (FMS) can operate "out of the box"
> as an open proxy, enabling other people to steal server resources and bandwidth. Furthermore,
> I also found that there is an ecosystem of pirates taking advantage of this "feature" to
> illegally stream sports events (and maybe other stuff as well). Each event uses multiple (stolen)
> servers and can amount to thousands of streams and Gbps of consumed bandwidth.
> 
> I believe but am not 100% sure that there are similar problems with Window Media Servers.
> 
> I would like to hear (off-list) from people who have experience fighting this so that we could
> maybe pool techniques. I will try to write this up further later.
> 
> Regards
> Marshall Eubanks
> 





More information about the NANOG mailing list