Flash Media Servers as Open Proxies

Charles Wyble charles at thewybles.com
Thu Dec 3 11:59:20 CST 2009


This is most interesting. Have you spoken with Adobe about the issue? I don't have an immediate handle on how they have reacted to security issues in the past. 
Sane defaults would be nice. :( 

You might want to ping Akami as they have substantial operational experience with flash media server. 

I look forward to a writeup on the topic. 

On Dec 3, 2009, at 9:45 AM, Marshall Eubanks wrote:

> I recently found out that the Adobe Flash Media Server (FMS) can operate "out of the box"
> as an open proxy, enabling other people to steal server resources and bandwidth. Furthermore,
> I also found that there is an ecosystem of pirates taking advantage of this "feature" to
> illegally stream sports events (and maybe other stuff as well). Each event uses multiple (stolen)
> servers and can amount to thousands of streams and Gbps of consumed bandwidth.
> I believe but am not 100% sure that there are similar problems with Window Media Servers.
> I would like to hear (off-list) from people who have experience fighting this so that we could
> maybe pool techniques. I will try to write this up further later.
> Regards
> Marshall Eubanks

More information about the NANOG mailing list