The Tiger Effect and Internet DDoS

An anonymous reader writes "Many US and Canadian ISPs thought they were under a massive denial of service attack yesterday — traffic spiked by hundreds of gigabits across North America. Turns out that the traffic was due to live streaming of the U.S. Open and Tiger Woods nail-biting victory."

naming this effect?

[COMON$ (806135)]

tigerd

Tigerdotted

I Got wooded?

ok /.ers you can do better. I need to update my ids logs to take this into consideration ;)

Re:

[belgar (254293)]

Opened?

/got nothing

Re:

[Gewalt (1200451)]

How bout we call it 'FF3 world record attempt' instead?

Re:naming this effect?

[Mordok-DestroyerOfWo (1000167)]

What does Final Fantasy 3 have to do with this? You leave that ragtag crew out of it!

Jennifered?

[EmbeddedJanitor (597831)]

Jennicam caused massive overloading the first time she had realtime sex. Likely there were other occasions before that too.

Re:Jennifered?

[Matt Perry (793115)]

Now, where can I find this Jennifer and, most importantly, is she still doing it?

She took down her site, but you can call her at 867-5309 and ask if she has some DVDs.

Re:Jennifered?

[CopaceticOpus (965603)]

victoria secret's first streamed show had issues.

Luckily, most of these issues were caught by tissues!

You learn something new every day

[spun (1352)]

Who knew that there was a professional nail-biter's competition, let alone that Tiger Woods won it?

Not Firefox?

[truthsearch (249536)]

You mean it wasn't due to Firefox downloads? Guess it's not yet as mainstream as I'd like it to be. :)

Re:Not Firefox?

[truthsearch (249536)]

Joke --------> *whoosh*
          O <--- You
        --|--
          |
        / \
 

(Credit [seenonslash.com] and credit [slashdot.org])

Re:Not Firefox?

[antdude (79039)]

Ouch, the guy's poor legs.

Tiger? Euro2008?

[superphreak (785821)]

I thought it was due to Euro2008 coverage on Espn360.com

Tiger effect?

[by Anonymous Coward]

Haven't most users updated to Leopard by now?

Re:Tiger effect?

[morgan_greywolf (835522)]

Haven't most users updated to Leopard by now?

Oh, FSCKING JEBUS. Why does some nitwit have to make everything about Apple?!

Hint to Steve Jobs genuflecting tards: No, life is not all about Apple. No go outside and get some fresh air. Now.

Re:Tiger effect?

[bobdotorg (598873)]

Haven't most users updated to Leopard by now?

Oh, FSCKING JEBUS. Why does some nitwit have to make everything about Apple?!

Hint to Steve Jobs genuflecting tards: No, life is not all about Apple. No go outside and get some fresh air. Now.

Wow. Get some air. You're right. And it's a really nice day out. Head on out and get some air.

You just gave me an excellent idea. I'll just pop out to the Apple Store and get a MacBook Air.

Office bandwith

[silas_moeckel (234313)]

I remember working at a streaming media startup and a Tiger nail bitter was our first live event. 8 Years ago that was 24gb a sec and the average bit rate was 368kbs if I remember correctly. There is a lot more bandwidth now than then. The fun part was running the logs and associating the AS and often the big company associated with it, there seemed to be a lot of people with comfy offices a lot of bandwidth and a love of golf back then.

Re:Office bandwith

[corbettw (214229)]

there seemed to be a lot of people with comfy offices a lot of bandwidth and a love of golf back then.

Really? You don't say?

Re:Office bandwith

[cheater512 (783349)]

I just hope a CEO asks the obvious question: "Why did it take out our big net connections? They were all watching the same thing!"

Maybe then they will enable multicast.

Oops.

[WK2 (1072560)]

traffic spiked by hundreds of gigabits across North America.

Oh sorry, that was me. I downloaded several seasons of Star Trek: The Next Generation. Seriously, hundreds of gigabits across North America is a problem? 500 gigabits is approximately 62 GB.

Re:Oops.

[gbjbaanb (229885)]

Seriously, hundreds of gigabits across North America is a problem? 500 gigabits is approximately 62 GB.

that'll be per second.

Re:Oops.

[Da Fokka (94074)]

The kiloclit

Nail-biting victory?

[by Anonymous Coward]

I find it hard to believe that there's anything that can possibly be nail-biting about watching golf.

Re:Nail-biting victory?

[swb (14022)]

I used to feel the same exact way -- I thought watching golf was about as exciting as watching the grass its played on grow.

I don't know what happened, but I've gotten kind of hooked on the major tournaments. There's enough camera coverage that they actually spend most of the time with a decent golfer hitting the ball, so its not just a bunch of guys walking around, and they're almost exclusively in high definition.

Re:

[by Anonymous Coward]

Did you recently receive a raise and a comfy office?

Re:

[mgblst (80109)]

...and they're almost exclusively in high definition.

I don't know about you, but if I don't like something, seeing it in HD isn't exactly going to help much.

Re:Nail-biting victory?

[drew (2081)]

No, you don't get it. By watching in HD you can actually watch the grass grow while watching the golf game, so you get double the enjoyment.

Re:Nail-biting victory?

[PitaBred (632671)]

If you played, you'd understand the skill going into it.

It's like the manager who can't possibly understand how hard it can be to add search functionality to the program... I mean, all you have to do is add that button that says "Search", right?

Re:

[geekoid (135745)]

Sure, lots of skill, but nail biting? uummm no.

I don't think anyone doubts the level of skill involved.

Wow! Could Thse ISPs be in Trouble!?

[moore.dustin (942289)]

If these ISPs were overloaded to the point of thinking they may be being DDoS'ed over one event online, they are they wholly unprepared for any sort of attack that may actually be focused at them? Imagine the carnage a real attack would wreak on the ISPs! Is there anyone out there that knows the likelihood of ISPs going down if they came under a real attack? If a few botnets targeted these ISPs, could they be brought down completely? Imagine one of these ISPs really stepping up the game for a tiered internet service model, putting themselves out there as a lightening rod for angry nerds. Could a coordinated effort break the back of an ISPs ability to provide any service whatsoever?

Your thoughts are most welcome and I thank you in advance for sharing your thoughts!

Re:Wow! Could Thse ISPs be in Trouble!?

[thecheatah (977630)]

Umm, I knew a person who managed a very large botnet. He use to be able to take down the internet for a general area. He use to have "wars" with other botnet people and you would notice the internet gone for a few hours, in my neighborhood at least. Then he was hired to take down a website in the west side of the Pennsylvania. He actually took down the internet for the whole area. Banks there couldn't communicate and all that. Well, he was caught and spent some time in prison. Now he doesn't really fit in with society any more and spends time in and out of prison.

Re:Wow! Could Thse ISPs be in Trouble!?

[by Anonymous Coward]

And you sat on your ass and said nothing eh?

Great.

Re:

[maxume (22995)]

It isn't real clear that he started out fitting into society...

Re:

[by Anonymous Coward]

Now he doesn't really fit in with society any more and spends time in and out of prison.

Does he really fit in there?

In [Soviet] prison, the question is what fits in you?

Re:Wow! Could Thse ISPs be in Trouble!?

[zappepcs (820751)]

I didn't see anyone else catch this. WTF do you mean to tell me that they 'thought' it was a DDoS? Thought? So much for that traffic shaping magic. Sure, if it had been P2P we'd know exactly what little johnny down the street has on his iPod this morning and the RIAA would be all over the news with it and how file sharers killed the Internet.

From the looks of this, co-ordinated effort is nothing more than a couple thousand bot computers infected with a 'lets watch sports over the net' worm. Think of it. One bot net with 100,000 computers all trying to watch ESPN at the same time, and those that can, also trying to watch something from Europe at the same time.

One word: multicast

Uni-casting VOD over the Internet will keep doing this over and over again and ISPs will continue to blame file sharing for their lack of both foresight and bandwidth.

Re:Wow! Could Thse ISPs be in Trouble!?

[ACMENEWSLLC (940904)]

These streams are 800Kb/s each. On top of that, they run over SSL which adds to the overhead. And each connection streams from one of hundreds of IP ranges.

We have 500 users sharing a dual T1, all wanting to watch this. So why did business transactions begin failing? I wonder.

Yea, we saw this.

Since it was SSL we can't inspect it at the application layer for QoS. Since it's a huge number of IP ranges, that gets us too. We can't transparently proxy SSL so Squid can't help. It's a flash stream over https.

So we QoSed the end users on port 443 in this case. 300b/s seems about right. :P

omfg!ponies

[Rob Kaper (5960)]

Run for the hills! Internet traffic doubles/triples during a major sports event? Who could have known!

That's about as worthy of an article as one "discovering" Euro Cup 2008 matches causes certain European streets to be abandoned for ninety minutes.

I can understand how such a traffic increase would be reason for alarm for the average network administrator, but you'd think service providers whose main business is the infrastructure would be aware of major streaming events. This shouldn't have surprised so many people.

the world is out of balance

[circletimessquare (444983)]

until a DDoS effort successfully disrupts tiger wood's game

DDoG?

better streaming?

[jschen (1249578)]

Maybe we need a better streaming video mechanism for popular live streams? I would imagine that if everyone's watching the same thing at the same time, it ideally shouldn't take up any more bandwidth than, say, one compressed standard definition cable channel. Signed, naive chemist.

Multicast.

[pavon (30274)]

Yep, this is exactly the sort of situation that IP Multicast was created for. It has been part of the IP RFCs [faqs.org] since forever. Maybe more incidents like this will convince more ISPs to configure their routers to support it, so we could start using it.

Re:

[Kjella (173770)]

Yep, this is exactly the sort of situation that IP Multicast was created for. It has been part of the IP RFCs since forever. Maybe more incidents like this will convince more ISPs to configure their routers to support it, so we could start using it.

The more time passes, the less likely I think we'll ever use it. Multicast requires that all the people watch the same thing at the same time. Sure there are exceptions like this but what most people want the net for is surfing random stuff like YouTube, not being tied to some schedule. Plus being individual, hopefully I can pause the stream and pick it up a bit later, rewind a bit if I want to watch something again and so on. Multicast has all the convinience of TV without a DVR, unless you build the DVR

Re:

[pavon (30274)]

I think another good use for it would be saving server bandwidth on downloads without congesting the last mile the way P2P does. Say you offer several (number varying by demand) staggered multicast streams of a file each at some lowest-common-denominator (DSL) speed. Then you have a client that will connect to however many streams your connection can handle, and then just use P2P to pick up the few stray packets that you miss (since you don't normally resend with multicast).

The overall bandwidth would be mu

firefox

[mattwarden (699984)]

Just thought of something. Was mozilla.org hosting US Open highlight clips yesterday or something? Because that would explain a lot.

Match

[Tiro (19535)]

I couldn't access the NBC stream at all.

Fortunately Hong Kong's Star Sports was accessible through Sopcast P2P.

Great match! I watched the back nine and the sudden death playoff hole. Unfortunately the commentators were horrible. They did not announce the length of the puts (huge annoyance) and they spoke when there was nothing to say!

We want Jim Nantz, or perhaps the British announcers at The Open.

Re:Match

[corbettw (214229)]

I couldn't access the NBC stream at all.

Fortunately Hong Kong's Star Sports was accessible through Sopcast P2P.

That's awesome. Someone in the US (I assume you're in the US, since you referred to NBC and not some other network) had to watch a US sporting event by bouncing off a server in China.

The best part? It's not really all that impressive nowadays. But the entire concept was unthinkable to most people even 10 years ago.

Examine the traffic perhaps?

[jhsewell (620291)]

Did it occur to them to examine the contents of this supposed DDoS? You know, take a look at the source / destination IPs and perhaps a sampling of packet payloads in an attempt to figure out what was going on?

I'm not in favor of indiscriminate snooping, but as a security professional, this would be the first thing I would expect.

Troubling it wasn't recognized sooner

[tacokill (531275)]

How could this possibly be confused with a DDOS attack?

It makes me nervous that it even got to that point. How can a competent ISP confuse DDOS attacks with streaming video (most likely, the same streaming video sent to all people)? Isn't there a pattern there? Couldn't they see the connections were all coming from the same server or block of servers? Couldn't they see all of the connections were using the same protocol? Couldn't they see they were all using the same port?

How the hell do they confuse that with a DDOS? I am just a lowly part-time IT network manager at my company and even I can see the difference between streaming video and "other bad stuff".

Someone smarter than me please help me understand more about this. How did this get far enough to convince the ISP's they were being DDOS'd?

It was good quality video.. I watched.

[tji (74570)]

I guess I was part of the problem. I watched a good portion of it, at least the first nine holes until it switched to NBC coverage where my MythTV DVR could record it (the first half was on ESPN, and I don't get cable).

I was surprised at how good the video looked. I have tried several other events in the past, and have always been disappointed, or completely unable to view it. Although, for the NCAA Final Four this year, I was finally able to actually watch a game after failing the last few years. I had to use Win2K within a VMware VM, but it did work.

The U.S. Open video worked directly from my Mac, had decent sized video, and was completely watchable on my laptop. Nice job USGA, NBC, etc.

What Cable Providers are afraid of

[aliens (90441)]

All these moves to charge per usage is going to blow up in their face.

They're worried this kind of usage will eat into their own TV viewership. What better way to prevent that from happening than by charging those who use it.

What will end up happening is customers will get in a tizzy and without suitable alternatives lawsuits will fly.

In the end either they'll have to abandon these plans or competition will be forced into the market.

Re:

[Broken scope (973885)]

All that an you couldn't even bother to do a "first post" quote.

Re:

[superphreak (785821)]

7-9mbps down, 512up, $30 :D Cox, Oklahoma City (although the city itself is terrible)