nanog mailing list archives

RE: YouTube IP Hijacking

From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Sun, 24 Feb 2008 18:01:43 -0800


 
This candidate list of requirements is for route sources that North
American Operators should trust to propagate long prefix routes, nothing
more, nothing less. In that context, some of your comments don't really
make sense.

Perhaps you might like to propose criteria you would find useful in
setting a level of trust, or some alternative method to avoid a
recurrence of a site that is widely visited being black holed through
another ISP advertising a more specific route?

Specifically:

In place of item 1, what criteria would you propose for the route
source?

Item 2: in this context, is specific to the needs of North American
Network Operators accepting long prefix routes. I am not advocating not
accepting routes from the ROW, just not very specific ones. It's
entirely possible for North American Operators to rely on law
enforcement in say, the EU and Australia.

Item 3: Glad we agree on something.

Item 4: How would you have said it?

I think it would be better to propose some constructive ideas as to how
we can avoid what happened today from recurring, and also deal with the
issue of hijacked IP space in general.

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On 
Behalf Of Patrick W. Gilmore
Sent: Sunday, February 24, 2008 5:43 PM
To: nanog () merit edu
Cc: Patrick W. Gilmore
Subject: Re: YouTube IP Hijacking


On Feb 24, 2008, at 7:36 PM, Tomas L. Byrnes wrote:

I'm sure we can all find a list of "critical

infrastructure" ASes that

could be trusted to peer via the "high priority" AS. I'd

say that the

criteria should be:

1: Hosted at a Tier 1 provider.


That is a silly requirement.

(I am sorry, I tried hard to find a nicer way to say this, 
but I really feel strongly about this.)

2: Within a jurisdiction where North American operators have a good 
chance of having the law on their side in case of any

network outage

caused by the entity.


This is also a bit strange.  Do your users never attach to a 
host outside the USofA?

3: Considered highly competent technically.


Here we agree.

4: With state of the art security and operations.


I think we agree, but I wouldn't have said it like that.

--
TTFN,
patrick

OTOH: I would say that, until today, those who advocate not

engaging

in
any kind of ethnic or political profiling would have

considered 17557,

as a national telco, a trusted route source.

-----Original Message-----
From: Randy Epstein [mailto:repstein () chello at]
Sent: Sunday, February 24, 2008 4:15 PM
To: Tomas L. Byrnes; 'Simon Lockhart'
Cc: 'Michael Smith'; neil.fenemor () fx net nz; will () harg net;
nanog () merit edu
Subject: RE: YouTube IP Hijacking

Tomas L. Byrnes wrote:

Perhaps certain ASes that are considered "high priority",

like Google,

YouTube, Yahoo, MS (at least their update servers), can be

trusted to

propagate routes that are not aggregated/filtered, so as to

give them

control over their reachability and immunity to longer-prefix
hijacking (especially problematic with things like MS

update sites).


Not to stir up a huge debate here, but if I were a day
trader, I could live without YouTube for a day, but not
e*trade or Ameritrade as it would be my livelihood.  If I
were an eBay seller, why would I care about YouTube?  You get
the idea.  What makes Google, YouTube, Yahoo, MS, etc more
important?

More importantly, why is PCCW not prefix filtering their

downstreams?

Certainly AS17557 cannot be trusted without a filter.

Randy

-----Original Message-----
From: Simon Lockhart [mailto:simon () slimey org]
Sent: Sunday, February 24, 2008 2:07 PM
To: Tomas L. Byrnes
Cc: Michael Smith; neil.fenemor () fx net nz; will () harg net;
nanog () merit edu
Subject: Re: YouTube IP Hijacking

On Sun Feb 24, 2008 at 01:49:00PM -0800, Tomas L. Byrnes wrote:

Which means that, by advertising routes more specific

than the ones

they are poisoning, it may well be possible to restore universal
connectivity to YouTube.


Well, if you can get them in there.... Youtube tried that,

to restore

service to the rest of the world, and the announcements didn't
propogate.

Simon

Current thread:

Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates, (continued)
- - - Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates Patrick W. Gilmore (Feb 26)
    - Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking) Justin Shore (Feb 24)
- Re: YouTube IP Hijacking Paul Ferguson (Feb 24)
- Re: YouTube IP Hijacking Sena, Rich (Feb 24)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
  - Re: YouTube IP Hijacking Simon Lockhart (Feb 24)
    - RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
    - RE: YouTube IP Hijacking Randy Epstein (Feb 24)
    - RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
    - Re: YouTube IP Hijacking Patrick W. Gilmore (Feb 24)
    - RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
    - RE: YouTube IP Hijacking michael.dillon (Feb 25)
    - Re: YouTube IP Hijacking Jim Mercer (Feb 25)
    - RE: YouTube IP Hijacking michael.dillon (Feb 25)
    - Re: YouTube IP Hijacking JC Dill (Feb 26)
    - Re: YouTube IP Hijacking Steven M. Bellovin (Feb 24)
    - Re: YouTube IP Hijacking Patrick W. Gilmore (Feb 24)
    - Re: YouTube IP Hijacking Sean Donelan (Feb 24)
    - Re: YouTube IP Hijacking Steven M. Bellovin (Feb 25)
    - Secure BGP (Was: YouTube IP Hijacking) michael.dillon (Feb 25)
    - Re: Secure BGP (Was: YouTube IP Hijacking) Jeroen Massar (Feb 25)

(Thread continues...)