Vigilantes Against BitTorrent? Revision3 Taken Down by SYN Floods

Revision3 uses BitTorrent to distribute legal Internet television. It turns out using BitTorrent may be enough to subject a company to crippling online attack.
On the internet, computers say hi with a special type of packet, called “SYN”. A conversation between devices typically requires just one short SYN packet exchange, before moving on to larger messages containing real data. And most of the traffic cops on the internet – routers, firewalls and load balancers – are designed to mostly handle those larger messages. So a flood of SYN packets, just like a room full of hyperactive screaming toddlers, can cause all sorts of problems.

That’s what happened to us. Another device on the internet flooded one of our servers with an overdose of SYN packets, and it shut down – bringing the rest of Revision3 with it. In webspeak it’s called a Denial of Service attack – aka DoS – and it happens when one machine overwhelms another with too many packets, or messages, too quickly. The receiving machine attempts to deal with all that traffic, but in the end just gives up.

A bit of address translation, and we’d discovered our nemesis. But instead of some shadowy underground criminal syndicate, the packets were coming from right in our home state of California. In fact, we traced the vast majority of those packets to a public company called Artistdirect (ARTD.OB). Once we were able to get their internet provider on the line, they verified that yes, indeed, that internet address belonged to a subsidiary of Artist Direct, called MediaDefender.

Inside the Attack that Crippled Revision3, by Jim Louderback in Polemics, on May 29th, 2008 at 07:49 am

The plot thickens from there. Well worth reading. I bet the legal proceedings will be even more interesting.
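
For defenders who want to see what "tracing the vast majority of those packets" to one source looks like in practice, here is an added example (not from Revision3 or the quoted article) that tallies bare SYNs per source in tcpdump-style text and flags sources that almost never finish the handshake. The addresses, the sample capture and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches tcpdump -n text output: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([A-Z.]+)\]")

def syn_flood_suspects(lines, server_ip, min_syns=10, max_completion=0.2):
    """Return {source_ip: (syns, completed)} for sources that open many
    connections to server_ip but rarely finish the three-way handshake."""
    syn_seen = defaultdict(set)    # source ip -> source ports that sent a bare SYN
    completed = defaultdict(set)   # source ip -> source ports that later sent an ACK
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, _dport, flags = m.groups()
        if dst != server_ip:
            continue               # only client-to-server packets matter here
        if flags == "S":
            syn_seen[src].add(sport)
        elif "." in flags and "S" not in flags and sport in syn_seen.get(src, ()):
            completed[src].add(sport)   # client ACKed, so the handshake finished
    suspects = {}
    for src, ports in syn_seen.items():
        done = len(completed[src])
        if len(ports) >= min_syns and done / len(ports) <= max_completion:
            suspects[src] = (len(ports), done)
    return suspects

# Constructed sample capture using RFC 5737 documentation addresses.
SERVER = "198.51.100.10"
SAMPLE = [
    f"12:00:00.{i:06d} IP 203.0.113.7.{40000 + i} > {SERVER}.80: Flags [S], seq {i}, win 1024, length 0"
    for i in range(40)             # 40 SYNs from one source, none completed
]
for client in ("192.0.2.21", "192.0.2.22"):   # two ordinary clients
    SAMPLE += [
        f"12:00:01.000001 IP {client}.51000 > {SERVER}.80: Flags [S], seq 1, win 64240, length 0",
        f"12:00:01.000050 IP {SERVER}.80 > {client}.51000: Flags [S.], seq 9, ack 2, win 65160, length 0",
        f"12:00:01.000090 IP {client}.51000 > {SERVER}.80: Flags [.], ack 10, win 502, length 0",
    ]

if __name__ == "__main__":
    print(syn_flood_suspects(SAMPLE, SERVER))
```

Per-source counting only helps when the flood comes from a small set of real addresses; when sources are spoofed, watch the server's aggregate half-open connection rate instead.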