
YouTube And a Distributed Denial-of-Service Attack - rasterizer
http://googlesystem.blogspot.com/2013/06/youtube-ddos.html
======
alt_
Likely like the iOS6 AV Foundation bug[0] back in November. It caused me quite
a bit of headache, but the 6.0.1 bugfix was released quite quickly.

[0] [http://labs.prx.org/2012/11/14/ios-6-0-devours-data-plans-
ca...](http://labs.prx.org/2012/11/14/ios-6-0-devours-data-plans-causes-cdn-
overages/)

~~~
eridius
Probably not, since the article said the issue was TCP connections being left
open. That doesn't describe the AV Foundation bug.

------
stephengillie
Apple's got a history of noisy services. I remember when iOS 4.0.0 was blocked
from the email service I was working for and many others because it basically
spammed mail servers. A lot of our customers were mad that the software update
disconnected them, but Apple released 4.0.1 quickly to address this.

------
emko
Aren't timeouts (TCP and whatever) supposed to handle this without resorting
to global conspiracy?

~~~
SpikeGronim
TCP cannot tell what the application wants. If the client application never
closes the connection then TCP will keep that connection alive indefinitely
(assuming you configured it with keep alives). Each connection consumes some
resources on the server (primarily send and receive buffers in memory). So if
your application never tells TCP to close the connection then it hogs server
resources. There are many malicious DoS tactics that go for the same effect.

~~~
shitlord
> There are many malicious DoS tactics that go for the same effect.

One of the most popular is a slowloris attack. It's particularly pernicious if
it's distributed and coming from a botnet or something.
[https://en.wikipedia.org/wiki/Slowloris](https://en.wikipedia.org/wiki/Slowloris)

------
meshko
What is "application level streaming"?

~~~
twoodfin
[http://googlesystem.blogspot.com/2013/06/youtubes-smarter-
vi...](http://googlesystem.blogspot.com/2013/06/youtubes-smarter-video-
player.html)

Rather than using a single HTTP request to pull a video stream, your player
makes (hopefully intelligent) HTTP requests as needed to pull pieces of
potentially multiple streams of different bitrates.

