7 Replies Latest reply on Sep 19, 2010 3:12 PM by my PC Techs

    Adobe Flash goes nuclear - takes down entire network

    tr0910 Level 1

      We have 10 Windows computers on a small unmanaged gigabit network with a DD-WRT Linksys WRT-54GS router and Dlink 2208 hubs, and were having problems with the network dieing, and nobody able to reach the internet or other computers on the network. It started happening suddenly.  There are additionally 3 VOIP lines on this network too and they would be killed.

       

      In troubleshooting, I could see an enormous amount of activity coming from one section of the network.  Disconnnecting this segment brought the network back online and functioning correctly.  Further tracing based on the flashing lights on the front of the hubs narrowed the problem to one computer, a new Windows XP-64 bit computer.  When I brought up the Local Area Connection Status in Windows, I could see an enormous number of packets being sent.

       

      Close to a million packets per second were being sent from this computer.

       

      Adobe Flash Player (ver 10,1,82,76) was taking a tremendous amount of CPU time for an idle computer, and killing this in task manager resulted in the network coming back alive immediately.

       

      Is this a known problem with Adobe Flash going nuclear and killing an entire network?

       

      (I had this problem twice before and was never able to trace it to my satisfaction.)

        • 1. Re: Adobe Flash goes nuclear - takes down entire network
          tedalde2

          I have recently seen this problem as well. We create Flash/AIR applications that pull files from our servers, and about every other day we see an IP

          address "go nuclear", circularly fetching one or more URLs for a minute or more. It creates thousands of requests during that time.

           

          It's very easy to create a "legitimate" looping network request in an SWF with only a few lines of code. It's really up the the developer... do you know the source of the SWF/app that produced the problem?

           

          The source of our problem seems to be a bug in the Actionscript Timer object. See me entered jira bug:

          http://bugs.adobe.com/jira/browse/FP-5304

          If a timer malfunctions in this way (for our apps, only under certain extreme fringe environment cases... there are only a handful of cases out of millions of requests), URLs are fetched as fast as Flash Player/user's system/network allows.

          • 2. Re: Adobe Flash goes nuclear - takes down entire network
            tr0910 Level 1

            I just saw it happen again.  Firefox 3.6.9 was running with 3 tabs pointing to these forums.  Adobe flash player was taking a significant amount of CPU time and the local area connection status screen showed outbound packets by about 100,000 per second being sent.  This took the entire network down again.

            • 3. Re: Adobe Flash goes nuclear - takes down entire network
              tedalde2 Level 2

              I'm not aware of any SWFs on these forums, but maybe there is an unseen one. What's the URL in question? Does the problem resolve by closing the browser/page, or do you need to force-quit flash player? Maybe Windows 64-bit/32-bit browser/flash plugin is part of the problem. It's not a virtual machine, is it? We caught the problem once using a virtual machine.

               

              Can you put an HTTP debugger (Fiddler, Charles, etc) on the box in question? If the problem shows, you can see for sure which SWF is causing it.

              • 4. Re: Adobe Flash goes nuclear - takes down entire network
                tr0910 Level 1

                I am not a flash developer so some of the best ideas may not be possible to test.  Closing the browser page didn't solve the problem.  Only way to fix the problem was to CtrlAltDel and kill the Adobe Flash Player from there.  Once I did that, it was immediate cure for the netword.

                 

                I can't say for sure that this browser never went anywhere other than these pages, because the Adobe Flash Player was loaded.  I believe that Hotmail may have been used before the Adobe Forums.  I may have gone to a page that triggered it.  Another possibility, could Adobe Flash Player have been compromised.  I am doing virus scans to see what I can find.

                • 5. Re: Adobe Flash goes nuclear - takes down entire network
                  tedalde2 Level 2

                  It's funny that Flash player persists in your task manager after closing the browser. Normally Flash Player only shows up in task manager if it is opened directly, which is not the case for the browser plugin. Maybe that's just the way 64-bit XP works, or possibly there was some other SWF open outside of the browser, which would be strange if you're not a flash developer.

                   

                  I think Flash Player being compromised is possible, but is less likely than simply a bad SWF session. I'd try to go through your history from that day to replicate the problem to find the bad SWF.

                  • 6. Re: Adobe Flash goes nuclear - takes down entire network
                    tr0910 Level 1

                    Yes, sometimes Flash Player doesn't close down when Firefox is shut down.  I didn't find any gremlins on my computer during virus analysis, so can't comment on that.  I suppose I could find the problem site and SWF, but since I didn't develop it, my concern with Flash is that it can get into such a snit, that it can take down an entire network and not just a computer.

                     

                    My concern is summarized this way.

                     

                    1. Was there something else on my computer that caused this problem. (virus etc)

                    2. If it is Flash causing this problem, perhaps Steve Jobs concerns with Flash were legit??  (I see Apple has backed down)

                    3. Grandma certainly wouldn't have been able to resolve this issue, and most computer users would have blamed their ISP since their internet was down.

                    4. How is the average computer user to deal with the complexity that these new technologies sometimes dump on them?

                    5. Are we headed to systems that are so complicated that these type of isses become more and more common?

                    • 7. Re: Adobe Flash goes nuclear - takes down entire network
                      my PC Techs

                      How is bad flash any different than malicious JavaScript? At least with this particular Flash problem, the computer can be rebooted and there's little long term damage. Bad JavaScript, on the other hand, will leave behind a virus or spyware.

                       

                      The answer to both problems is NoScript. Check it out, it's free, it works in Firefox, and it will nearly eliminate most of these problems you're having.