Flash Media Servers as Open Proxies
Charles Wyble
charles at thewybles.com
Thu Dec 3 17:59:20 UTC 2009
Hmmmm..
This is most interesting. Have you spoken with Adobe about the issue? I don't have an immediate handle on how they have reacted to security issues in the past.
Sane defaults would be nice. :(
You might want to ping Akami as they have substantial operational experience with flash media server.
I look forward to a writeup on the topic.
On Dec 3, 2009, at 9:45 AM, Marshall Eubanks wrote:
> I recently found out that the Adobe Flash Media Server (FMS) can operate "out of the box"
> as an open proxy, enabling other people to steal server resources and bandwidth. Furthermore,
> I also found that there is an ecosystem of pirates taking advantage of this "feature" to
> illegally stream sports events (and maybe other stuff as well). Each event uses multiple (stolen)
> servers and can amount to thousands of streams and Gbps of consumed bandwidth.
>
> I believe but am not 100% sure that there are similar problems with Window Media Servers.
>
> I would like to hear (off-list) from people who have experience fighting this so that we could
> maybe pool techniques. I will try to write this up further later.
>
> Regards
> Marshall Eubanks
>
More information about the NANOG
mailing list