YouTube IP Hijacking

Tomas L. Byrnes tomb at byrneit.net
Mon Feb 25 02:01:43 UTC 2008


 
This candidate list of requirements is for route sources that North
American Operators should trust to propagate long prefix routes, nothing
more, nothing less. In that context, some of your comments don't really
make sense.

Perhaps you might like to propose criteria you would find useful in
setting a level of trust, or some alternative method to avoid a
recurrence of a site that is widely visited being black holed through
another ISP advertising a more specific route?

Specifically:

In place of item 1, what criteria would you propose for the route
source?

Item 2: in this context, is specific to the needs of North American
Network Operators accepting long prefix routes. I am not advocating not
accepting routes from the ROW, just not very specific ones. It's
entirely possible for North American Operators to rely on law
enforcement in say, the EU and Australia.

Item 3: Glad we agree on something.

Item 4: How would you have said it?

I think it would be better to propose some constructive ideas as to how
we can avoid what happened today from recurring, and also deal with the
issue of hijacked IP space in general.


> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On 
> Behalf Of Patrick W. Gilmore
> Sent: Sunday, February 24, 2008 5:43 PM
> To: nanog at merit.edu
> Cc: Patrick W. Gilmore
> Subject: Re: YouTube IP Hijacking
> 
> 
> On Feb 24, 2008, at 7:36 PM, Tomas L. Byrnes wrote:
> 
> > I'm sure we can all find a list of "critical 
> infrastructure" ASes that 
> > could be trusted to peer via the "high priority" AS. I'd 
> say that the 
> > criteria should be:
> >
> > 1: Hosted at a Tier 1 provider.
> 
> That is a silly requirement.
> 
> (I am sorry, I tried hard to find a nicer way to say this, 
> but I really feel strongly about this.)
> 
> 
> > 2: Within a jurisdiction where North American operators have a good 
> > chance of having the law on their side in case of any 
> network outage 
> > caused by the entity.
> 
> This is also a bit strange.  Do your users never attach to a 
> host outside the USofA?
> 
> 
> > 3: Considered highly competent technically.
> 
> Here we agree.
> 
> 
> > 4: With state of the art security and operations.
> 
> I think we agree, but I wouldn't have said it like that.
> 
> --
> TTFN,
> patrick
> 
> 
> > OTOH: I would say that, until today, those who advocate not 
> engaging  
> > in
> > any kind of ethnic or political profiling would have 
> considered 17557,
> > as a national telco, a trusted route source.
> >
> >> -----Original Message-----
> >> From: Randy Epstein [mailto:repstein at chello.at]
> >> Sent: Sunday, February 24, 2008 4:15 PM
> >> To: Tomas L. Byrnes; 'Simon Lockhart'
> >> Cc: 'Michael Smith'; neil.fenemor at fx.net.nz; will at harg.net;
> >> nanog at merit.edu
> >> Subject: RE: YouTube IP Hijacking
> >>
> >> Tomas L. Byrnes wrote:
> >>
> >>> Perhaps certain ASes that are considered "high priority",
> >> like Google,
> >>> YouTube, Yahoo, MS (at least their update servers), can be
> >> trusted to
> >>> propagate routes that are not aggregated/filtered, so as to
> >> give them
> >>> control over their reachability and immunity to longer-prefix
> >>> hijacking (especially problematic with things like MS 
> update sites).
> >>
> >> Not to stir up a huge debate here, but if I were a day
> >> trader, I could live without YouTube for a day, but not
> >> e*trade or Ameritrade as it would be my livelihood.  If I
> >> were an eBay seller, why would I care about YouTube?  You get
> >> the idea.  What makes Google, YouTube, Yahoo, MS, etc more
> >> important?
> >>
> >> More importantly, why is PCCW not prefix filtering their 
> downstreams?
> >> Certainly AS17557 cannot be trusted without a filter.
> >>
> >> Randy
> >>
> >>> -----Original Message-----
> >>> From: Simon Lockhart [mailto:simon at slimey.org]
> >>> Sent: Sunday, February 24, 2008 2:07 PM
> >>> To: Tomas L. Byrnes
> >>> Cc: Michael Smith; neil.fenemor at fx.net.nz; will at harg.net;
> >>> nanog at merit.edu
> >>> Subject: Re: YouTube IP Hijacking
> >>>
> >>> On Sun Feb 24, 2008 at 01:49:00PM -0800, Tomas L. Byrnes wrote:
> >>>> Which means that, by advertising routes more specific
> >> than the ones
> >>>> they are poisoning, it may well be possible to restore universal
> >>>> connectivity to YouTube.
> >>>
> >>> Well, if you can get them in there.... Youtube tried that,
> >> to restore
> >>> service to the rest of the world, and the announcements didn't
> >>> propogate.
> >>>
> >>> Simon
> >>>
> >>
> >>
> >>
> >
> 
> 



More information about the NANOG mailing list