The Tiger Effect and Internet DDoS

An anonymous reader writes "Many US and Canadian ISPs thought they were under a massive denial of service attack yesterday — traffic spiked by hundreds of gigabits across North America. Turns out that the traffic was due to live streaming of the U.S. Open and Tiger Woods nail-biting victory."

naming this effect?

[COMON$]

tigerd

Tigerdotted

I Got wooded?

ok /.ers you can do better. I need to update my ids logs to take this into consideration ;)

Re:

[belgar]

Opened?

/got nothing

Re:

[arivanov]

Missed one. Breeding mosquitoes in the ponds.

There is nothing more unpleasant than a golf course near a resort in a hot climate. It is like being on holiday in a swamp. Best example - Costa del Fuste on Fuerteventura.

Re:

[Doddman]

Tigerslashwooddot effect

Re:

[marklark]

Tiger/Wood. effect

Re:

[Gewalt]

How bout we call it 'FF3 world record attempt' instead?

Re:naming this effect?

[Mordok-DestroyerOfWo]

What does Final Fantasy 3 have to do with this? You leave that ragtag crew out of it!

Jennifered?

[EmbeddedJanitor]

Jennicam caused massive overloading the first time she had realtime sex. Likely there were other occasions before that too.

Re:Jennifered?

[Matt Perry]

Now, where can I find this Jennifer and, most importantly, is she still doing it?

She took down her site, but you can call her at 867-5309 and ask if she has some DVDs.

Re:

[urcreepyneighbor]

http://www.oldskoolphreak.com/tfiles/phreak/jenny07.txt [oldskoolphreak.com]

Re:

[EmbeddedJanitor]

No longer doing this, but there are reruns (search for "jennicam last week").

Re:Jennifered?

[CopaceticOpus]

victoria secret's first streamed show had issues.

Luckily, most of these issues were caught by tissues!

Re:

[oldspewey]

Fourputted?

You learn something new every day

[spun]

Who knew that there was a professional nail-biter's competition, let alone that Tiger Woods won it?

Re:

[Digestromath]

I thought this was some sort of mixed martial art competition and Tiger Woods won by repeatingly biting someone's nails. Must be some sort of new fangled submission technique.

Not Firefox?

[truthsearch]

You mean it wasn't due to Firefox downloads? Guess it's not yet as mainstream as I'd like it to be. :)

Re:Not Firefox?

[truthsearch]

Joke --------> *whoosh*
          O <--- You
        --|--
          |
        / \
 

(Credit [seenonslash.com] and credit [slashdot.org])

Re:Not Firefox?

[antdude]

Ouch, the guy's poor legs.

Re:

[divisionbyzero]

Ok, so you missed the joke, but it happens you are wrong as well. FF downloads traditionally have been mirrored but not on a CDN. That may have changed this time around, but I didn't notice.

Tiger? Euro2008?

[superphreak]

I thought it was due to Euro2008 coverage on Espn360.com

Tiger effect?

[Anonymous Coward]

Haven't most users updated to Leopard by now?

Re:Tiger effect?

[morgan_greywolf]

Haven't most users updated to Leopard by now?

Oh, FSCKING JEBUS. Why does some nitwit have to make everything about Apple?!

Hint to Steve Jobs genuflecting tards: No, life is not all about Apple. No go outside and get some fresh air. Now.

Re:Tiger effect?

[bobdotorg]

Haven't most users updated to Leopard by now?

Oh, FSCKING JEBUS. Why does some nitwit have to make everything about Apple?!

Hint to Steve Jobs genuflecting tards: No, life is not all about Apple. No go outside and get some fresh air. Now.

Wow. Get some air. You're right. And it's a really nice day out. Head on out and get some air.

You just gave me an excellent idea. I'll just pop out to the Apple Store and get a MacBook Air.

Office bandwith

[silas_moeckel]

I remember working at a streaming media startup and a Tiger nail bitter was our first live event. 8 Years ago that was 24gb a sec and the average bit rate was 368kbs if I remember correctly. There is a lot more bandwidth now than then. The fun part was running the logs and associating the AS and often the big company associated with it, there seemed to be a lot of people with comfy offices a lot of bandwidth and a love of golf back then.

Re:Office bandwith

[corbettw]

there seemed to be a lot of people with comfy offices a lot of bandwidth and a love of golf back then.

Really? You don't say?

Re:

[PitaBred]

And that would be a bet I'd take with 1000 to 1 odds any day of the week. You bet a dollar, I'd pay you $1000 if you're right.

The VAST majority of offices have no TV service whatsoever. They do have Internet as a cost of doing business, though. Major golf event that happens during the business day? You bet your bottom dollar that the C?O and most VP's are going to be watching a live stream of it.

Re:Office bandwith

[cheater512]

I just hope a CEO asks the obvious question: "Why did it take out our big net connections? They were all watching the same thing!"

Maybe then they will enable multicast.

If he had lost...

[elrous0]

We could call it the mourningwoods effect. [rimshot]

Oops.

[WK2]

traffic spiked by hundreds of gigabits across North America.

Oh sorry, that was me. I downloaded several seasons of Star Trek: The Next Generation. Seriously, hundreds of gigabits across North America is a problem? 500 gigabits is approximately 62 GB.

Re:Oops.

[gbjbaanb]

Seriously, hundreds of gigabits across North America is a problem? 500 gigabits is approximately 62 GB.

that'll be per second.

Re:

[g0at]

So why don't people say what they mean? Yeesh.

Re:

[Kjella]

So why don't people say what they mean? Yeesh.

May I suggest you go out and bludgeon every producer of "10 Mbit", "100 Mbit" and "Gigabit" ethernet cards, switches and so on? I mean, speaking of network traffic without dividing it by a time unit, there should be a law against things like that.

Re:

[TooMuchToDo]

How many library of congress' of porn is that per second?

Re:

[Mordok-DestroyerOfWo]

library of congress' of porn

Is that the SI unit for porn?

Re:Oops.

[Da Fokka]

The kiloclit

Re:

[geekoid]

What is the nickname of Rosanne Barr's pussy?

Re:

[PitaBred]

I propose the new nomenclature of a "Jeremy" as an SI unit, which is equivalent to the amount of porn viewed by the average 15 year old, broadband connected male per week. That'll put the bits into perspective ;)

Given that, what was this golf thing, something like 15-20 Jeremys?

Re:

[oodaloop]

I'm not familiar with that metric. However, it is equivalent to just over 1 million bathtubs full of betamax tapes.

Re:

[Ctrl-Z]

Maybe I don't give enough credit to the LoC, but for some reason I can't see browsing the stacks for that type of, uh, material.

Re:

[gbjbaanb]

But browsing the librarians is another matter.... think of the tight black pencil skirts, loose white blouses, those spectacles, and lascivious use of a pencil :-)

Nail-biting victory?

[Anonymous Coward]

I find it hard to believe that there's anything that can possibly be nail-biting about watching golf.

Re:

[rob1980]

Anything that says "sudden death" on it tends to be like that.

Re:Nail-biting victory?

[swb]

I used to feel the same exact way -- I thought watching golf was about as exciting as watching the grass its played on grow.

I don't know what happened, but I've gotten kind of hooked on the major tournaments. There's enough camera coverage that they actually spend most of the time with a decent golfer hitting the ball, so its not just a bunch of guys walking around, and they're almost exclusively in high definition.

Re:

[Anonymous Coward]

Did you recently receive a raise and a comfy office?

Re:

[mgblst]

...and they're almost exclusively in high definition.

I don't know about you, but if I don't like something, seeing it in HD isn't exactly going to help much.

Re:Nail-biting victory?

[drew]

No, you don't get it. By watching in HD you can actually watch the grass grow while watching the golf game, so you get double the enjoyment.

Re:

[drew]

While I'm not as into as some people that I know, I do enjoy both playing and watching golf. Even so, I don't remember ever watching or playing a game of golf that I would consider "nail-biting".

Re:Nail-biting victory?

[PitaBred]

If you played, you'd understand the skill going into it.

It's like the manager who can't possibly understand how hard it can be to add search functionality to the program... I mean, all you have to do is add that button that says "Search", right?

Re:

[geekoid]

Sure, lots of skill, but nail biting? uummm no.

I don't think anyone doubts the level of skill involved.

Re:

[maglor_83]

I can't say I like watching someone coding up search functionality in a program either.

Wow! Could Thse ISPs be in Trouble!?

[moore.dustin]

If these ISPs were overloaded to the point of thinking they may be being DDoS'ed over one event online, they are they wholly unprepared for any sort of attack that may actually be focused at them? Imagine the carnage a real attack would wreak on the ISPs! Is there anyone out there that knows the likelihood of ISPs going down if they came under a real attack? If a few botnets targeted these ISPs, could they be brought down completely? Imagine one of these ISPs really stepping up the game for a tiered internet service model, putting themselves out there as a lightening rod for angry nerds. Could a coordinated effort break the back of an ISPs ability to provide any service whatsoever?

Your thoughts are most welcome and I thank you in advance for sharing your thoughts!

Re:Wow! Could Thse ISPs be in Trouble!?

[thecheatah]

Umm, I knew a person who managed a very large botnet. He use to be able to take down the internet for a general area. He use to have "wars" with other botnet people and you would notice the internet gone for a few hours, in my neighborhood at least. Then he was hired to take down a website in the west side of the Pennsylvania. He actually took down the internet for the whole area. Banks there couldn't communicate and all that. Well, he was caught and spent some time in prison. Now he doesn't really fit in with society any more and spends time in and out of prison.

Re:Wow! Could Thse ISPs be in Trouble!?

[Anonymous Coward]

And you sat on your ass and said nothing eh?

Great.

Re:

[maxume]

It isn't real clear that he started out fitting into society...

Re:

[timmarhy]

i've always wondered how these people end up getting caught. i'd imagine a sting or someone blabbing to the cops would be it, because on a technical level it's almost impossible to catch them. typically they have their bots log into an IRC channel and the bots listen for commands, the botnet owner can just remote in through a hacked machine and issue the commands.

I had a machine of mine fall victim to one of those automated ssh attacks and it was very interesting to sit back and disect the guts of the botn

Re:

[Anonymous Coward]

Now he doesn't really fit in with society any more and spends time in and out of prison.

Does he really fit in there?

In [Soviet] prison, the question is what fits in you?

Re:Wow! Could Thse ISPs be in Trouble!?

[zappepcs]

I didn't see anyone else catch this. WTF do you mean to tell me that they 'thought' it was a DDoS? Thought? So much for that traffic shaping magic. Sure, if it had been P2P we'd know exactly what little johnny down the street has on his iPod this morning and the RIAA would be all over the news with it and how file sharers killed the Internet.

From the looks of this, co-ordinated effort is nothing more than a couple thousand bot computers infected with a 'lets watch sports over the net' worm. Think of it. One bot net with 100,000 computers all trying to watch ESPN at the same time, and those that can, also trying to watch something from Europe at the same time.

One word: multicast

Uni-casting VOD over the Internet will keep doing this over and over again and ISPs will continue to blame file sharing for their lack of both foresight and bandwidth.

Re:

[dpilot]

> One word: multicast
>
> Uni-casting VOD over the Internet will keep doing this over and over again

But multicast is not VOD, because the stream happens when the stream happens. You'd have to consult some sort of schedule, and connect to the multicast stream at the right time. I'll bet that given time, there would even be publications, either online or perhaps even dead-tree, to distribute these schedules. Whatta concept.

We've accused the cable companies of trying to turn the Internet into TV. I

Re:

[zappepcs]

Here's the thing. I've given this some thought, both about how it could/might work, and how I would be able to enjoy it working.

If there is a multicast stream of the movies available, one started every 15 or 30 minutes that I could join, I'd be totally happy with that. On demand in 30 minutes or less and no pizza guy to have to be nice to. It would work for me. I'm never in that much of a rush to see a movie that it has to start RIGHT NOW dog maddit!

The cable company ends up with 6-10 streams for each movie

Re:Wow! Could Thse ISPs be in Trouble!?

[ACMENEWSLLC]

These streams are 800Kb/s each. On top of that, they run over SSL which adds to the overhead. And each connection streams from one of hundreds of IP ranges.

We have 500 users sharing a dual T1, all wanting to watch this. So why did business transactions begin failing? I wonder.

Yea, we saw this.

Since it was SSL we can't inspect it at the application layer for QoS. Since it's a huge number of IP ranges, that gets us too. We can't transparently proxy SSL so Squid can't help. It's a flash stream over https.

So we QoSed the end users on port 443 in this case. 300b/s seems about right. :P

Lost production?

[Ogive17]

I guess since it was Monday afternoon everyone was watching it from work.

Re:

[Dan541]

I guess since it was Monday afternoon everyone was watching it from work.

Well what else would an office worker do?

If anything this has saved allot of staples that would otherwise have been fired at the waste paper bin.

omfg!ponies

[Rob Kaper]

Run for the hills! Internet traffic doubles/triples during a major sports event? Who could have known!

That's about as worthy of an article as one "discovering" Euro Cup 2008 matches causes certain European streets to be abandoned for ninety minutes.

I can understand how such a traffic increase would be reason for alarm for the average network administrator, but you'd think service providers whose main business is the infrastructure would be aware of major streaming events. This shouldn't have surprised so many people.

Re:

[Alpha830RulZ]

It was surprising because it was a monday playoff that wasn't on anyone's schedules. Golf tournaments normally end on the weekend, so they don't run into competing with business traffic. This went into monday, and also happened to be a see-sawing event which kept people's attention.

Damn good golf, too.

Re:

[A beautiful mind]

Just look around. Sysadmins = slashdot people. Do you see anyone here who knows who Tiger Woods is, nonetheless when he'll play? Exactly.

Re:

[fotbr]

That's odd. Quite a few sysadmin types I know follow golf. Several even play.

Re:

[A beautiful mind]

You're thinking of Perlgolf.

Re:

[murdocj]

It's newsworthy because it points up the fallacy of the "TV is going away all video will be watched thru the Internet" meme.

the world is out of balance

[circletimessquare]

until a DDoS effort successfully disrupts tiger wood's game

DDoG?

better streaming?

[jschen]

Maybe we need a better streaming video mechanism for popular live streams? I would imagine that if everyone's watching the same thing at the same time, it ideally shouldn't take up any more bandwidth than, say, one compressed standard definition cable channel. Signed, naive chemist.

Multicast.

[pavon]

Yep, this is exactly the sort of situation that IP Multicast was created for. It has been part of the IP RFCs [faqs.org] since forever. Maybe more incidents like this will convince more ISPs to configure their routers to support it, so we could start using it.

Re:

[Kjella]

Yep, this is exactly the sort of situation that IP Multicast was created for. It has been part of the IP RFCs since forever. Maybe more incidents like this will convince more ISPs to configure their routers to support it, so we could start using it.

The more time passes, the less likely I think we'll ever use it. Multicast requires that all the people watch the same thing at the same time. Sure there are exceptions like this but what most people want the net for is surfing random stuff like YouTube, not being tied to some schedule. Plus being individual, hopefully I can pause the stream and pick it up a bit later, rewind a bit if I want to watch something again and so on. Multicast has all the convinience of TV without a DVR, unless you build the DVR

Re:

[pavon]

I think another good use for it would be saving server bandwidth on downloads without congesting the last mile the way P2P does. Say you offer several (number varying by demand) staggered multicast streams of a file each at some lowest-common-denominator (DSL) speed. Then you have a client that will connect to however many streams your connection can handle, and then just use P2P to pick up the few stray packets that you miss (since you don't normally resend with multicast).

The overall bandwidth would be mu

firefox

[mattwarden]

Just thought of something. Was mozilla.org hosting US Open highlight clips yesterday or something? Because that would explain a lot.

Match

[Tiro]

I couldn't access the NBC stream at all.

Fortunately Hong Kong's Star Sports was accessible through Sopcast P2P.

Great match! I watched the back nine and the sudden death playoff hole. Unfortunately the commentators were horrible. They did not announce the length of the puts (huge annoyance) and they spoke when there was nothing to say!

We want Jim Nantz, or perhaps the British announcers at The Open.

Re:Match

[corbettw]

I couldn't access the NBC stream at all.

Fortunately Hong Kong's Star Sports was accessible through Sopcast P2P.

That's awesome. Someone in the US (I assume you're in the US, since you referred to NBC and not some other network) had to watch a US sporting event by bouncing off a server in China.

The best part? It's not really all that impressive nowadays. But the entire concept was unthinkable to most people even 10 years ago.

What on earth

[Peow]

is happening to all my comments? I posted a couple yesterday. I posted about 4 today and now the 4 I posted today are gone.

If it was on Tuesday then it was a repeat

[thewils]

The US Open nail-biting ended on Monday, are they sure it wasn't Firefox 3?

Here's the plan

[hellfire]

1) Give Tiger Woods a cadillac made of gold in order to, after his surgery, play in a major and make it close so that it goes to a playoff. Ask him to keep the tie breaker going for as long as he can.
2) Advertise how the internet can't handle the bandwidth, scream fire and brimstone, exclaim that you may not be able to see Tiger again in a playoff if this isn't fixed and sell network upgrades.
3) Profit!

Examine the traffic perhaps?

[jhsewell]

Did it occur to them to examine the contents of this supposed DDoS? You know, take a look at the source / destination IPs and perhaps a sampling of packet payloads in an attempt to figure out what was going on?

I'm not in favor of indiscriminate snooping, but as a security professional, this would be the first thing I would expect.

Price per GB!

[Drakin020]

I bet the ISP are just twiddling there thumbs right now at the idea of charging by the GB for internet.

Scary but true.

Troubling it wasn't recognized sooner

[tacokill]

How could this possibly be confused with a DDOS attack?

It makes me nervous that it even got to that point. How can a competent ISP confuse DDOS attacks with streaming video (most likely, the same streaming video sent to all people)? Isn't there a pattern there? Couldn't they see the connections were all coming from the same server or block of servers? Couldn't they see all of the connections were using the same protocol? Couldn't they see they were all using the same port?

How the hell do they confuse that with a DDOS? I am just a lowly part-time IT network manager at my company and even I can see the difference between streaming video and "other bad stuff".

Someone smarter than me please help me understand more about this. How did this get far enough to convince the ISP's they were being DDOS'd?

Re:

[mapsjanhere]

My guess would be, they assumed that not that many people out there would actually be watching Tiger Woods, but that some botnet was running a new form of DDoS - suck up all the bandwidth by requesting multiple streams of a very bandwidth intensive application. Don't bring down the servers, bring down the pipes themselves.

Re:

[Dan541]

Because if they call it a DoS attack they can justify themselfs in blocking it.

Same at work...

[Buzz_Litebeer]

Where I work they thought we were having issues, and found that many people were streaming the competition. When they found that out they asked everyone to go watch it on television in our big meeting room.

Pretty fun.

Net neutrality

[Arthur B.]

Isn't this one of the negative consequences of net neutrality ?

Re:

[genericpoweruser]

If this had a higher priority it might have choked everything out. If it had a lower priority it wouldn't have worked at all. As it is (neutral) a thing has priority directly proportional to its popularity (providing it doesn't "cheat," so to speak, like torrents do [by making many, many connections]).

My opinion anyway; Feel free to rebut it.

Re:

[Dan541]

Negative?

Please explain how this is negative?

It was good quality video.. I watched.

[tji]

I guess I was part of the problem. I watched a good portion of it, at least the first nine holes until it switched to NBC coverage where my MythTV DVR could record it (the first half was on ESPN, and I don't get cable).

I was surprised at how good the video looked. I have tried several other events in the past, and have always been disappointed, or completely unable to view it. Although, for the NCAA Final Four this year, I was finally able to actually watch a game after failing the last few years. I had to use Win2K within a VMware VM, but it did work.

The U.S. Open video worked directly from my Mac, had decent sized video, and was completely watchable on my laptop. Nice job USGA, NBC, etc.

What Cable Providers are afraid of

[aliens]

All these moves to charge per usage is going to blow up in their face.

They're worried this kind of usage will eat into their own TV viewership. What better way to prevent that from happening than by charging those who use it.

What will end up happening is customers will get in a tizzy and without suitable alternatives lawsuits will fly.

In the end either they'll have to abandon these plans or competition will be forced into the market.

IpTV, not ready yet.

[EnOne]

sarcasm - Nice to know that now we can get our shows easily and smoothly across the internet. We probably no longer need to broadcast over the air - /sarcasm

Olympics

[zrq]

So what will happen when the 2008 Olympics [beijing2008.cn] start ?

Re:

[Broken scope]

All that an you couldn't even bother to do a "first post" quote.

Re:

[techno-vampire]

In case you haven't noticed (and you may not) moderators are now getting three times as many mod points. That means that the trolls have to work three times as hard and post three times as many stupid, off-topic, offensive or otherwise inappropriate posts so that foolish moderators will waste all those mod points modding them down instead of using them to reward people for good posts. When I have mod points, I tend to ignore stupid posts if they're by AC, because it doesn't do any good. In this case, how

Re:

[Kjella]

I guess it depends on what you want modding to be like. When I get mod points I drop to -1, look for moderator abuse and spent most of my points shooting fish in a barrel by modding down trolls which usually burns my points in 10-15 minutes. I'd rather comment than moderate discussions, but I'm happy to help take out the garbage.

Re:

[superphreak]

7-9mbps down, 512up, $30 :D Cox, Oklahoma City (although the city itself is terrible)

Re:

[maxume]

It's actually quite healthy to like yourself just a little bit less than that.

In a fantasy land far, far away....

[Xtifr]

They were all educated computer professionals....good times...

I hate to tell you this, but your delusion that educated computer professionals are "avid sports non-fans" is not only delusory, but offensive to both educated computer professional (assumes geeks can't be jocks) and sports fans (assumes jocks can't be geeks). The fact is that jocks and geeks are heavily overlapping sets, and have been since long before there was an Internet. Many of us who respect and both the body and the minds have nothing but contempt for those who only respect the body and those who

Re:

[peragrin]

well he already good with a club and ball so he is going to to the stint as a baseball player first.

Re:

[RiotingPacifist]

damn straight, All thier ISPs bitching that IPTV is taking up too much bandwidth and it could all be solved if they just had multicast working.

This was live so would definatly have worked, and it doesnt take a genious to implement a buffering system which lets non-live programs benifit from a 99% reduction in bandwidth needs.