YouTube IP Hijacking

Tomas L. Byrnes tomb at byrneit.net
Mon Feb 25 04:38:29 UTC 2008 

Not if only trusted peers are allowed to advertise to that AS. It's the
same mechanism proposed for blackholing on destination to dampen DOS a
while back, except it is to prevent hijacking, and therefore doesn't run
afoul of the AT&T patent (and now the prior art for this is in the
public domain).

It's also something that can be built using the existing infrastructure,
and rough consensus.


> -----Original Message-----
> From: Owen DeLong [mailto:owen at delong.com] 
> Sent: Sunday, February 24, 2008 8:25 PM
> To: Tomas L. Byrnes
> Cc: Simon Lockhart; Michael Smith; neil.fenemor at fx.net.nz; 
> will at harg.net; nanog at merit.edu
> Subject: Re: YouTube IP Hijacking
> 
> 
> On Feb 24, 2008, at 2:14 PM, Tomas L. Byrnes wrote:
> 
> >
> > I figured as much, but it was worth a try.
> >
> > Which touches on the earlier discussion of the null routing of /32s 
> > advertised by a special AS (as a means of black-holing DDOS 
> traffic).
> >
> > It seems to me that a more immediately germane matter regarding BGP 
> > route propagation is prevention of hijacking of critical routes.
> >
> > Perhaps certain ASes that are considered "high priority", 
> like Google, 
> > YouTube, Yahoo, MS (at least their update servers), can be 
> trusted to 
> > propagate routes that are not aggregated/filtered, so as to 
> give them 
> > control over their reachability and immunity to longer-prefix 
> > hijacking (especially problematic with things like MS update sites).
> >
> >
> That's just inviting the injection of forged AS routes to 
> commit abuse.
> 
> Owen
> 
> >
> >> -----Original Message-----
> >> From: Simon Lockhart [mailto:simon at slimey.org]
> >> Sent: Sunday, February 24, 2008 2:07 PM
> >> To: Tomas L. Byrnes
> >> Cc: Michael Smith; neil.fenemor at fx.net.nz; will at harg.net; 
> >> nanog at merit.edu
> >> Subject: Re: YouTube IP Hijacking
> >>
> >> On Sun Feb 24, 2008 at 01:49:00PM -0800, Tomas L. Byrnes wrote:
> >>> Which means that, by advertising routes more specific 
> than the ones 
> >>> they are poisoning, it may well be possible to restore universal 
> >>> connectivity to YouTube.
> >>
> >> Well, if you can get them in there.... Youtube tried that, 
> to restore 
> >> service to the rest of the world, and the announcements didn't 
> >> propogate.
> >>
> >> Simon
> >>
> 
>

More information about the NANOG mailing list