YouTube IP Hijacking

• Previous message (by thread): YouTube IP Hijacking
• Next message (by thread): hijack chronology: was [ YouTube IP Hijacking ]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

y'all,

On Mon, Feb 25, 2008 at 06:49:35AM -0800, Barry Greene (bgreene) wrote:

> > Seriously -- a number of us have been warning that this could happen.
> > More precisely, we've been warning that this could happen 
> > *again*; we all know about many older incidents, from the 
> > barely noticed to the very noisy.  (AS 7007, anyone?)  
> > Something like S-BGP will stop this cold.
> > 
> > Yes, I know there are serious deployment and operational 
> > issues.  The question is this: when is the pain from routing 
> > incidents great enough that we're forced to act?  It would 
> > have been nice to have done something before this, since now 
> > all the world's script kiddies have seen what can be done.
> 
> BCPs stops this problem. soBGP may make it easier. 

except in the most meaningless of interpretations, i don't see how
BCPs solve this problem.

Barry:  did you mean:  "If only everyone on the Internet would
perfectly filter their customers prefix announcements on every
connection, then everything would be fine?"  Or perhaps:  "If everyone
would register all of their prefixes in some applicable routing
registry with such a degree of accuracy that we could build customer
and peer filters out of it then this problem would go away." ?

both are true statements, but neither is ever going to happen (i'm not
sure that sBGP or soBGP is going to happen ever either).

in the mean time all we can do is watch and try to respond to events
as quickly as they occur.   In fact, we would all be better off if
more people were just watching their prefix announcement
progapations.  Although this hijacking/blackholing was caught quickly,
i have seen many other cases where the event lasted for hours (or
days).  

by the way:  my colleague Martin A. Brown (who spoke at NANOG on the
Taiwan Earthquakes), has written a fairly detailed blog post on the
this event.  It includes a detailed timeline and some information for
people who might find that useful.

http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml

Clearly this is not the first interesting accidental hijacking and
certainly won't be the last.

t.


-- 
_____________________________________________________________________
todd underwood                                 +1 603 643 9300 x101
renesys corporation                            general manager babbledog
todd at renesys.com                               http://www.renesys.com/blog

• Previous message (by thread): YouTube IP Hijacking
• Next message (by thread): hijack chronology: was [ YouTube IP Hijacking ]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]