nanog mailing list archives
RE: YouTube IP Hijacking
From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Sun, 24 Feb 2008 18:01:43 -0800
This candidate list of requirements is for route sources that North American Operators should trust to propagate long prefix routes, nothing more, nothing less.

In that context, some of your comments don't really make sense. Perhaps you might like to propose criteria you would find useful in setting a level of trust, or some alternative method to avoid a recurrence of a site that is widely visited being black holed through another ISP advertising a more specific route?

Specifically:

In place of item 1, what criteria would you propose for the route source?

Item 2: in this context, is specific to the needs of North American Network Operators accepting long prefix routes. I am not advocating not accepting routes from the ROW, just not very specific ones. It's entirely possible for North American Operators to rely on law enforcement in say, the EU and Australia.

Item 3: Glad we agree on something.

Item 4: How would you have said it?

I think it would be better to propose some constructive ideas as to how we can avoid what happened today from recurring, and also deal with the issue of hijacked IP space in general.
-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Patrick W. Gilmore
Sent: Sunday, February 24, 2008 5:43 PM
To: nanog () merit edu
Cc: Patrick W. Gilmore
Subject: Re: YouTube IP Hijacking

On Feb 24, 2008, at 7:36 PM, Tomas L. Byrnes wrote:

> I'm sure we can all find a list of "critical infrastructure" ASes that could be trusted to peer via the "high priority" AS. I'd say that the criteria should be:
>
> 1: Hosted at a Tier 1 provider.

That is a silly requirement. (I am sorry, I tried hard to find a nicer way to say this, but I really feel strongly about this.)

> 2: Within a jurisdiction where North American operators have a good chance of having the law on their side in case of any network outage caused by the entity.

This is also a bit strange. Do your users never attach to a host outside the USofA?

> 3: Considered highly competent technically.

Here we agree.

> 4: With state of the art security and operations.

I think we agree, but I wouldn't have said it like that.

--
TTFN,
patrick

> OTOH: I would say that, until today, those who advocate not engaging in any kind of ethnic or political profiling would have considered 17557, as a national telco, a trusted route source.
>
> -----Original Message-----
> From: Randy Epstein [mailto:repstein () chello at]
> Sent: Sunday, February 24, 2008 4:15 PM
> To: Tomas L. Byrnes; 'Simon Lockhart'
> Cc: 'Michael Smith'; neil.fenemor () fx net nz; will () harg net; nanog () merit edu
> Subject: RE: YouTube IP Hijacking
>
> Tomas L. Byrnes wrote:
>
>> Perhaps certain ASes that are considered "high priority", like Google, YouTube, Yahoo, MS (at least their update servers), can be trusted to propagate routes that are not aggregated/filtered, so as to give them control over their reachability and immunity to longer-prefix hijacking (especially problematic with things like MS update sites).
>
> Not to stir up a huge debate here, but if I were a day trader, I could live without YouTube for a day, but not e*trade or Ameritrade as it would be my livelihood. If I were an eBay seller, why would I care about YouTube? You get the idea. What makes Google, YouTube, Yahoo, MS, etc more important?
>
> More importantly, why is PCCW not prefix filtering their downstreams? Certainly AS17557 cannot be trusted without a filter.
>
> Randy
>
>> -----Original Message-----
>> From: Simon Lockhart [mailto:simon () slimey org]
>> Sent: Sunday, February 24, 2008 2:07 PM
>> To: Tomas L. Byrnes
>> Cc: Michael Smith; neil.fenemor () fx net nz; will () harg net; nanog () merit edu
>> Subject: Re: YouTube IP Hijacking
>>
>> On Sun Feb 24, 2008 at 01:49:00PM -0800, Tomas L. Byrnes wrote:
>>
>>> Which means that, by advertising routes more specific than the ones they are poisoning, it may well be possible to restore universal connectivity to YouTube.
>>
>> Well, if you can get them in there.... Youtube tried that, to restore service to the rest of the world, and the announcements didn't propagate.
>>
>> Simon