Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Tiger Effect and Internet DDoS

Posted by timothy on from the aka-the-kenn-starr-steamroller dept.

An anonymous reader writes "Many US and Canadian ISPs thought they were under a massive denial of service attack yesterday — traffic spiked by hundreds of gigabits across North America. Turns out that the traffic was due to live streaming of the U.S. Open and Tiger Woods nail-biting victory."

5 of 191 comments (clear)

  1. Re:Oops. by gbjbaanb · · Score: 4, Informative

    Seriously, hundreds of gigabits across North America is a problem? 500 gigabits is approximately 62 GB. that'll be per second.

  2. Re:Not Firefox? by Anonymous Coward · · Score: 1, Informative

    Something like FF downloads would be decentralised by akami and other caches. Live, copyrighted streams are probably going to be coming from one server farm, thereby converging all the traffic at a point.

  3. Examine the traffic perhaps? by jhsewell · · Score: 3, Informative

    Did it occur to them to examine the contents of this supposed DDoS? You know, take a look at the source / destination IPs and perhaps a sampling of packet payloads in an attempt to figure out what was going on?

    I'm not in favor of indiscriminate snooping, but as a security professional, this would be the first thing I would expect.

  4. It was good quality video.. I watched. by tji · · Score: 4, Informative

    I guess I was part of the problem. I watched a good portion of it, at least the first nine holes until it switched to NBC coverage where my MythTV DVR could record it (the first half was on ESPN, and I don't get cable).

    I was surprised at how good the video looked. I have tried several other events in the past, and have always been disappointed, or completely unable to view it. Although, for the NCAA Final Four this year, I was finally able to actually watch a game after failing the last few years. I had to use Win2K within a VMware VM, but it did work.

    The U.S. Open video worked directly from my Mac, had decent sized video, and was completely watchable on my laptop. Nice job USGA, NBC, etc.

  5. Re:Wow! Could Thse ISPs be in Trouble!? by ACMENEWSLLC · · Score: 5, Informative

    These streams are 800Kb/s each. On top of that, they run over SSL which adds to the overhead. And each connection streams from one of hundreds of IP ranges.

    We have 500 users sharing a dual T1, all wanting to watch this. So why did business transactions begin failing? I wonder.

    Yea, we saw this.

    Since it was SSL we can't inspect it at the application layer for QoS. Since it's a huge number of IP ranges, that gets us too. We can't transparently proxy SSL so Squid can't help. It's a flash stream over https.

    So we QoSed the end users on port 443 in this case. 300b/s seems about right. :P