nanog mailing list archives
RE: YouTube IP Hijacking
From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Sun, 24 Feb 2008 13:06:50 -0800
Clearly, they are incensed by youtube content, so what makes anyone think that they would not be trying to engage in a case of Cyber-Jihad? I hosted the site that was rated #1 on Google for the Jyllands Posten (di2.nu) cartoons when it was a current issue, and I STILL get lots of script kiddie DOS from the Islamic world. I generally don't assume malice when mere incompetence will suffice, but in the case of the Islamic world, they've proved themselves malicious towards the non-Islamic world often, and violently, enough, that I don't believe they deserve that presumption of innocence any more. In either case, the correct COA is to filter all advertisements with AS 17557 in the path, until they fix the routes they are advertising, and let us know how they plan on making sure this doesn't happen again.
-----Original Message----- From: Neil Fenemor [mailto:neil.fenemor () fx net nz] Sent: Sunday, February 24, 2008 1:01 PM To: Tomas L. Byrnes Cc: Will Hargrave; nanog () merit edu Subject: Re: YouTube IP Hijacking While they are deliberately blocking Youtube nationally, I suspect the wider issue has no malice, and is a case of poorly constructed/ implemented outbound policies on their part, and poorly constructed/ implemented inbound polices on their upstreams part. On 25/02/2008, at 9:49 AM, Tomas L. Byrnes wrote:Pakistan is deliberately blocking Youtube. http://politics.slashdot.org/article.pl?sid=08/02/24/1628213 Maybe we should all block Pakistan.-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On BehalfOf Will Hargrave Sent: Sunday, February 24, 2008 12:39 PM To: nanog () nanog org Subject: Re: YouTube IP Hijacking Sargun Dhillon wrote:So, it seems that youtube's ip block has been hijacked by a more specific prefix being advertised. This is a case of IPhijacking, notcase of DNS poisoning, youtube engineers doing somethingstupid, etc.For people that don't know. The router will try to get the most specific prefix. This is by design, not by accident.You are making the assumption of malice when the morelikely cause isone of accident on the part of probably stressed NOC staffat 17557.They probably have that /24 going to a gateway walled garden box which replies with a site saying 'we have banned this',and that /24route is leaking outside of their AS via PCCW due to dodgy filters/communities. WillNeil Fenemor FX Networks
Current thread:
- YouTube IP Hijacking Sargun Dhillon (Feb 24)
- Re: YouTube IP Hijacking Will Hargrave (Feb 24)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
- Re: YouTube IP Hijacking Neil Fenemor (Feb 24)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
- Re: YouTube IP Hijacking Will Hargrave (Feb 24)
- Re: YouTube IP Hijacking Martin Hannigan (Feb 24)
- Re: YouTube IP Hijacking Simon Lockhart (Feb 24)
- Re: YouTube IP Hijacking Jim Mercer (Feb 25)
- Re: YouTube IP Hijacking Alexander Harrowell (Feb 25)
- Re: YouTube IP Hijacking Jim Mercer (Feb 25)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
- Re: YouTube IP Hijacking Will Hargrave (Feb 24)
- RE: YouTube IP Hijacking John van Oppen (Feb 24)
- Re: YouTube IP Hijacking Max Tulyev (Feb 24)
- Re: YouTube IP Hijacking Jim Popovitch (Feb 24)