Re: Flash Media Servers as Open Proxies

[Charles Wyble <charles () thewybles com>]

Hmmmm..

This is most interesting. Have you spoken with Adobe about the issue? I don't have an immediate handle on how they have 
reacted to security issues in the past. 
Sane defaults would be nice. :( 

You might want to ping Akami as they have substantial operational experience with flash media server. 

I look forward to a writeup on the topic. 


On Dec 3, 2009, at 9:45 AM, Marshall Eubanks wrote:

> I recently found out that the Adobe Flash Media Server (FMS) can operate "out of the box"
> as an open proxy, enabling other people to steal server resources and bandwidth. Furthermore,
> I also found that there is an ecosystem of pirates taking advantage of this "feature" to
> illegally stream sports events (and maybe other stuff as well). Each event uses multiple (stolen)
> servers and can amount to thousands of streams and Gbps of consumed bandwidth.
>
> I believe but am not 100% sure that there are similar problems with Window Media Servers.
>
> I would like to hear (off-list) from people who have experience fighting this so that we could
> maybe pool techniques. I will try to write this up further later.
>
> Regards
> Marshall Eubanks