Tiger Woods' playoff performance at the U.S. Open drew traffic big enough to look like a massive denial-of-service attack to Internet service providers.
According to Internet security company Arbor Networks, the playoff between Woods and Rocco Mediate "generated one of the larger Internet-wide flash crowds this year." The country's golf fans who were at work, turned to Web video to watch the duel at Torrey Pines.
The security firm reported that several ISP's saw between 15 and 25 percent spikes in traffic. One ISP reported that traffic nearly doubled. Engineers at the ISPs stopped worrying when they saw the ballooning Internet usage wasn't directed at any individual customer.
"Traffic dipped and peaked corresponding to Tiger's initial misses and subsequent spectacular comeback as millions of office-bound fans tuned in to the live NBC and ESPN coverage," Arbor Networks wrote.
NBC said that Monday's playoff drew the biggest audience the Web site has ever seen, with 2 million users generating 9 million page views. The United States Golf Association and ESPN also covered the game but their numbers weren't available.
Warning: disturbing a war memorial can provoke all out cyber war--at least in Estonia. On April 27, 2007, Estonia officials relocated the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis, a move that incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow. It also started a large and sustained distributed denial-of-service attack on several Estonian Web sites, including those of government ministries and the prime minister's Reform Party. A denial-of-service attack (DoS) occurs when someone directs a large number of requests to a target URL; the requests occur so quickly that the Web server can't respond and the site becomes inaccessible to everyone. A distributed denial-of-service attack (DDoS) occurs when hundreds or thousands of compromised computers are enlisted. Within the last week, the intensity of the attacks diminished.
Arbor Networks' Jose Nazario has now blogged his analysis of the Estonian DDos attacks. He reports that Arbor Networks recorded 128 unique DDoS attacks on Estonian-based URLs. Most lasted less than one hour, with the longest lasting 10 hours and 30 minutes. As for the strength, measured in how many packets of information flooded the given URL to make it inaccessible, the attacks were relatively light, with only ten of the attacks measuring 90-plus Mbps, including one of the 10-hour attacks. At its peak on May 9, the attack shut down up to 58 sites at once.
That's a lot of fire power, and it suggests the use of "botnets"--collections of compromised home and office computers worldwide. In this scenario, a "botherder" directs thousands of compromised computers to request simultaneous access to a single URL, effectively shutting down that site. Computer Security Incident Response Teams (CSIRTs) in several countries, as well as NATO, have assisted the Estonian government in handling the attacks. Early analysis suggests the attacks may have originated in Russia.
- prev
- 1
- next
