As many of you know, Revision3's servers were brought down over the Memorial Day weekend by a denial of service attack. It's an all too common occurrence these days. But this one wasn't your normal cybercrime - there's a chilling twist at the end. Here's what happened, and why we're even more concerned today, after it's over, than we were on Saturday when it started.
It all started with just a simple "hi". Now "hi" can be the sweetest word in the world, breathlessly whispered into your ear by a long-lost lover, or squealed out by your bouncy toddler at the end of the day. But taken to excess - like by a cranky 3-year old-it gets downright annoying. Now imagine a room full of hyperactive toddlers, hot off of a three hour Juicy-Juice bender, incessantly shrieking "hi" over and over again, and you begin to understand what our poor servers went through this past weekend.
On the internet, computers say hi with a special type of packet, called "SYN". A conversation between devices typically requires just one short SYN packet exchange, before moving on to larger messages containing real data. And most of the traffic cops on the internet - routers, firewalls and load balancers - are designed to mostly handle those larger messages. So a flood of SYN packets, just like a room full of hyperactive screaming toddlers, can cause all sorts of problems.
For adults, it's typically an inability to cope, followed either by quickly fleeing the room, or orchestrating a massive Teletubbies intervention. Since they lack both legs and a ready supply of plushies, internet devices usually just shut down.
That's what happened to us. Another device on the internet flooded one of our servers with an overdose of SYN packets, and it shut down - bringing the rest of Revision3 with it. In webspeak it's called a Denial of Service attack - aka DoS - and it happens when one machine overwhelms another with too many packets, or messages, too quickly. The receiving machine attempts to deal with all that traffic, but in the end just gives up.
(Note the photo of our server equipment responding to the DoS Attack)
In its coverage Tuesday CNet asked the question, "Now who would want to attack Revision3?" Who indeed? So we set out to find out.
Internet attacks leave lots of evidence. In this case it was pretty easy to see exactly what our shadowy attacker was so upset about. It turns out that those zillions of SYN packets were addressed to one particular port, or doorway, on one of our web servers: 20000. Interestingly enough, that's the port we use for our Bittorrent tracking server. It seems that someone was trying to destroy our bittorrent distribution network.
Let me take a step back and describe how Revision3 uses Bittorrent, aka BT. The BT protocol is a peer to peer scheme for sharing large files like music, programs and video. By harnessing the peer power of many computers, we can easily and cheaply distribute our huge HD-quality video shows for a lot less money. To get started, the person sharing that large file first creates a small file called a "torrent", which contains metadata, along with which server will act as the conductor, coordinating the sharing. That server is called the tracking server, or "tracker". You can read much more about Bittorrent at Wikipedia, if you really want to understand how it works.
Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. It's a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores.
But someone, or some company, apparently took offense to Revision3 using Bittorrent to distribute its own slate of shows. Who could that be?
Along with where it's bound, every internet packet has a return address. Often, particularly in cases like this, it's forged - or spoofed. But interestingly enough, whoev
Quote from the blog entry on the new password manager:
The first part, a long slog of untangling and porting the old C++ code to JS, is now complete. Now, THAT sounds like something you want to do.
I always mock up something quick in C++ and port it to JS afterwards.
There is no competition. Social networks (like del.icio.us for websites) has shown us they're more reliable in the end. last.fm just needs a wider userbase and all our music knowledge are belong to them.
Slashdot Mirror
I'm also on that boat. It truly is a good keyboard, especially for people that like short key movement.
I was able to grab the blog post:
As many of you know, Revision3's servers were brought down over the Memorial Day weekend by a denial of service attack. It's an all too common occurrence these days. But this one wasn't your normal cybercrime - there's a chilling twist at the end. Here's what happened, and why we're even more concerned today, after it's over, than we were on Saturday when it started.
It all started with just a simple "hi". Now "hi" can be the sweetest word in the world, breathlessly whispered into your ear by a long-lost lover, or squealed out by your bouncy toddler at the end of the day. But taken to excess - like by a cranky 3-year old-it gets downright annoying. Now imagine a room full of hyperactive toddlers, hot off of a three hour Juicy-Juice bender, incessantly shrieking "hi" over and over again, and you begin to understand what our poor servers went through this past weekend.
On the internet, computers say hi with a special type of packet, called "SYN". A conversation between devices typically requires just one short SYN packet exchange, before moving on to larger messages containing real data. And most of the traffic cops on the internet - routers, firewalls and load balancers - are designed to mostly handle those larger messages. So a flood of SYN packets, just like a room full of hyperactive screaming toddlers, can cause all sorts of problems.
For adults, it's typically an inability to cope, followed either by quickly fleeing the room, or orchestrating a massive Teletubbies intervention. Since they lack both legs and a ready supply of plushies, internet devices usually just shut down.
That's what happened to us. Another device on the internet flooded one of our servers with an overdose of SYN packets, and it shut down - bringing the rest of Revision3 with it. In webspeak it's called a Denial of Service attack - aka DoS - and it happens when one machine overwhelms another with too many packets, or messages, too quickly. The receiving machine attempts to deal with all that traffic, but in the end just gives up. (Note the photo of our server equipment responding to the DoS Attack)
In its coverage Tuesday CNet asked the question, "Now who would want to attack Revision3?" Who indeed? So we set out to find out. Internet attacks leave lots of evidence. In this case it was pretty easy to see exactly what our shadowy attacker was so upset about. It turns out that those zillions of SYN packets were addressed to one particular port, or doorway, on one of our web servers: 20000. Interestingly enough, that's the port we use for our Bittorrent tracking server. It seems that someone was trying to destroy our bittorrent distribution network.
Let me take a step back and describe how Revision3 uses Bittorrent, aka BT. The BT protocol is a peer to peer scheme for sharing large files like music, programs and video. By harnessing the peer power of many computers, we can easily and cheaply distribute our huge HD-quality video shows for a lot less money. To get started, the person sharing that large file first creates a small file called a "torrent", which contains metadata, along with which server will act as the conductor, coordinating the sharing. That server is called the tracking server, or "tracker". You can read much more about Bittorrent at Wikipedia, if you really want to understand how it works.
Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. It's a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores.
But someone, or some company, apparently took offense to Revision3 using Bittorrent to distribute its own slate of shows. Who could that be?
Along with where it's bound, every internet packet has a return address. Often, particularly in cases like this, it's forged - or spoofed. But interestingly enough, whoev
This is definately not the way to attract new users to FF. However, if you want to do it, using a IE infobar is way cooler.
There is no competition. Social networks (like del.icio.us for websites) has shown us they're more reliable in the end. last.fm just needs a wider userbase and all our music knowledge are belong to them.