Peer to Peer on CNN

On January 20, 2009, in Security, by

So if your outbound traffic increased as much as your inbound traffic and you see a spike in UDP port 8247, you may not have realized that you signed up for helping CNN to stream out it’s video.  CNN is using peer to peer technology through a Flash update.

Your computer just became a CNN streaming video node on their peer to peer backbone.  Now the interesting things is in that plug in, it doesn’t say that this is what the intent of that plug in is.  It just says that it’s a delivery enhancement.  What it doesn’t say that it will now setup your computer as a streaming node for 

Is that acceptable to your organization?  For some it may not be.  I’m tinfoily and paranoid enough that I would appreciated a nice eula telling me what’s included in that ‘enhancement’.

That flash client isn’t just serving you information, it’s making you part of the delivery process.  Just be aware that it may add traffic to your network as well.


6 Responses to Peer to Peer on CNN

  1. Vlad Mazek says:

    Click on the blue question mark..

  2. bradley says:
    Yes, I know. Still doesn’t say it’s peer to peer in black and white.

  3. indy says:

    This will be fun when people hack the content and put in their own outbound streams.

  4. Evan says:

    Ick! I’m even happier that most users at my Customer sites are running with non-Administrator user accounts.

    I suppose now I need to get this thing installed onto a test VM and capture the traffic coming in and out of it such that I can firewall it into oblivion. *sigh*

  5. Dan Farrell says:

    I noticed this behavior this evening. I graph my traffic, and it was 600 Kbps outbound and 200 Kbps inbound on my home ADSL connection… obviously I was serving something out. All I was doing was watching CNN Live and browsing normal (mostly just text) websites.

    My Snort alerts showed me multiple 8247 UDP connections (thinking it was an SQL attack lol), and I hopped on Google. Then it all became clear. Shame on CNN.

    I have successfully blocked 8247 inbound and still am able to view the streams on the CNN site. And traffic is below 100 Kbps in each direction now. Yay.

  6. Craig S says:

    During the install of the Plug-In, it refers to a privacy policy at Octoshape dot com. Anyone able to locate it? Because I couldn’t, I never installed it.