funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Routing FUBAR: Pakistan Declares War on YouTube

From: "Paul Ferguson" <fergdawg () netzero net>
Date: Sun, 24 Feb 2008 22:24:01 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For anyone who follows the NANOG mailing list, this is not news.

For those of you who do not, Rich Stiennon pretty much sums it up
on his blog:

[snip]

What could at first have been just one of those days on the Internet where
some newbie engineer accidentally announces a spurious route and takes out
a segment of the network has turned into an international fiasco. But no,
Pakistan has ordered all ISP’s to block YouTube.

So an ISP in Pakistan decided to announce a route that would re-direct
anyone trying to get to YouTube to some other site that probably hosted a
warning about the blasphemous content. Results were predictable. YouTube
itself disapeared from the Internet, and, I suspect that most of Pakistan
is experiencing performance issues as they are receiving ALL of the YouTube
requests from around the world. By 2:30 the Internet watch guards had
alerted the backbone provider for Pakistan to filter out those malicious
route announcements and alerted YouTube to announce more granular routes
that would supercede the Pakistani routes, at least in the US.

As of this writing, 3:30 Eastern most of the rest of world can still not
get to YouTube.

[snip]

More:
http://blogs.zdnet.com/threatchaos/?p=547

Background:
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2008/02/24/wpak324.xml

Note that this issue now appears to have resolved:
http://www.merit.edu/mail.archives/nanog/msg06307.html

And also, and additional interesting note -- all the YouTube DNS
servers were in the "hijacked" /24, but YouTube has since added
additional DNS servers in other unaffected prefixes:
http://www.merit.edu/mail.archives/nanog/msg06314.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHwe58q1pz9mNUZTMRArddAKDUXUlJp11lv5KnFdqaXMVDEaQRWgCg9FAw
TpdmmjmxFhT3Ke0og+5RJ2A=
=cCzo
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: