Slashdot Mirror


Pakistan YouTube Block Breaks the World

Allen54 noted a followup to yesterday's story about Pakistan's decision to block YouTube. He notes that "The telecom company that carries most of Pakistan's traffic, PCCW, has found it necessary to shut Pakistan off from the Internet while they filter out the malicious routes that a Pakistani ISP, PieNet, announced earlier today. Evidently PieNet took this step to enforce a decree from the Pakistani government that ISPs must block access to YouTube because it was a source of blasphemous content. YouTube has announced more granular routes so that at least in the US they supersede the routes announced by PieNet. The rest of the world is still struggling."

6 of 343 comments

  1. A Better Technical Explanation by 1sockchuck · · Score: 5, Informative

    Better technical explanations of the event are available from the Renesys blog and Data Center Knowledge. The erroneous IP assignments spread across the net within 1 minute, 45 seconds of its announcement by Pakistan Telecom, according to a timeline by Renesys. It took about 80 minutes for YouTube to inform its providers that the route had been hijacked. YouTube says it is "investigating and working with others in the Internet community to prevent this from happening again."

  2. Political, not religious reasons. by Spy der Mann · · Score: 5, Informative

    All Things Pakistan points out that this may have a political rather than a "cultural" reason - given that a number of videos of election rigging were posted.

  3. Re:But how did they do it? by Shakrai · · Score: 5, Informative

    The BGP article on Wikipedia is as good a place to start as any. Beyond that you can do some Google searches for it.

    Basically BGP is the protocol used by routers to exchange route information with each other. A real oversimplification would involve three networks/routers, A, B and C. C receives its network connectivity through A. C announces the networks it's responsible for to A, which aggregates them before announcing them (and its own networks) to B.

    In theory, A shouldn't accept any routes from C for IP addresses not owned by C. Apparently that wasn't the case here though, or Pakistan's little stunt wouldn't have impacted anybody outside of Pakistan.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
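The filtering described in the comment above ("A shouldn't accept any routes from C for IP addresses not owned by C"), sketched as an added example that is not part of the original post or any router's actual configuration. The filter table is constructed: 203.0.113.0/24 is a documentation prefix standing in for the customer's real address space, which the page does not list, and `check_announcement` is a hypothetical name.

```python
import ipaddress

# Constructed filter table for provider A: the prefixes each customer AS
# has registered, with the longest prefix length A will accept for each.
CUSTOMER_FILTERS = {
    17557: [("203.0.113.0/24", 24)],  # placeholder prefix, not real data
}

def check_announcement(customer_as, prefix, as_path):
    """Return (accepted, reason) for a route heard on a customer session."""
    net = ipaddress.ip_network(prefix)
    allowed = CUSTOMER_FILTERS.get(customer_as)
    if allowed is None:
        return False, "no filter on file for this customer"
    # A stub customer's path should hold only its own ASN; repeats caused
    # by prepending (e.g. 17557 17557) are fine.
    if not as_path or any(asn != customer_as for asn in as_path):
        return False, "unexpected AS in path"
    for registered, max_len in allowed:
        reg = ipaddress.ip_network(registered)
        if net.version == reg.version and net.subnet_of(reg):
            if net.prefixlen <= max_len:
                return True, "covered by " + registered
            return False, "more specific than /%d allowed" % max_len
    return False, "prefix not registered to customer"

if __name__ == "__main__":
    tests = [
        ("208.65.153.0/24", [17557]),         # the announcement from the page
        ("203.0.113.0/24", [17557, 17557]),   # customer's own space, prepended
        ("203.0.113.128/25", [17557]),        # own space but too specific
    ]
    for prefix, path in tests:
        print(prefix, path, check_announcement(17557, prefix, path))
```
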

  4. Why it broke, in techie by autocracy · · Score: 5, Informative

    I submitted this article yesterday while it was happening, but of course at that time details were even more sparse (speed vs. informative.. oh well). Some of the BGP routing information I captured is printed out on Wikinews. The basic idea is that Pakistan Telecom, BGP Autonomous System number 17557, began being chatty, saying that it owned YouTube's netblock. It did this using a /24 routing prefix, whereas YouTube exports its route as a /22 (which it should...). Because the /24 was more specific, it became the primary route of reference. This is similar to the "AS 7007" incident (Google it... there's no one good link) back in the late 1990s (one of two incidents in the history of the Internet that has brought the entire Internet down, IIRC).

    I'll check back for related questions to fill in any blanks later :)

    --
    SIG: HUP
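The route selection described in the comment above, replayed as an added example that is not part of the original post. It uses the prefixes and origin ASNs quoted in this thread (the /22 and /24, plus the /25 announcements from the Renesys timeline quoted elsewhere on the page). Assumptions: the two /25s are taken to be the two halves of the /24, ASNs 64500 and 64501 are constructed placeholders for YouTube's upstream path, and BGP's tie-breaking is reduced to shortest AS path.

```python
import ipaddress

def best_route(rib, dest):
    """Longest matching prefix wins; ties go to the shortest AS path
    (a simplification of BGP's full decision process)."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, as_path in rib:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, as_path))
    if not matches:
        return None
    net, as_path = max(matches, key=lambda m: (m[0].prefixlen, -len(m[1])))
    return str(net), as_path[-1]  # (chosen prefix, origin AS)

def replay(dest="208.65.153.10"):
    """Replay the announcements as seen from one constructed vantage point."""
    far = [64500, 64501, 36561]   # constructed path to YouTube (AS 36561)
    rib = [("208.65.152.0/22", far)]
    seen = {"before": best_route(rib, dest)}

    # AS 17557 announces the more specific /24 via AS 3491.
    rib.append(("208.65.153.0/24", [3491, 17557]))
    seen["hijack"] = best_route(rib, dest)
    # Addresses in the /22 outside that /24 are unaffected.
    seen["other_slice"] = best_route(rib, "208.65.152.10")

    # YouTube announces the same /24: equal length, so path length decides,
    # and this vantage point is closer to AS 17557.
    rib.append(("208.65.153.0/24", far))
    seen["matching_24"] = best_route(rib, dest)

    # The /25s are more specific than the /24, so they win regardless of path.
    rib += [("208.65.153.0/25", far), ("208.65.153.128/25", far)]
    seen["after_25s"] = best_route(rib, dest)
    return seen

if __name__ == "__main__":
    for stage, choice in replay().items():
        print(stage, choice)
```
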

  5. But how did they do it? by greedyturtle · · Score: 5, Informative

    For those of you who actually want to know "How they did it?" posted from: Renesys Blog
    which was found from Cydeweys which is updating as the story progresses. Both of those sites seem to be running a bit slow, so hesitate before clicking.

    Full text of Renesys: Pakistan hijacks YouTube.

    A few hours ago, Pakistan Telecom (AS 17557) began advertising a small part of YouTube's (AS 36561) assigned network. This story is almost as old as BGP. Old hands will recognize this as, fundamentally, the same problem as the infamous AS 7007 from 1997 (http://merit.edu/mail.archives/nanog/1997-04/msg00380.html), a more recent ConEd mistake of early 2006 and even TTNet's Christmas Eve gift 2005.

    Just before 18:48 UTC, Pakistan Telecom, in response to government order to block access to YouTube (see news item) started advertising a route for 208.65.153.0/24 to its provider, PCCW (AS 3491). For those unfamiliar with BGP, this is a more specific route than the ones used by YouTube (208.65.152.0/22), and therefore most routers would choose to send traffic to Pakistan Telecom for this slice of YouTube's network.

    I became interested in this immediately as I was concerned that I wouldn't be able to spend my evening watching imbecilic videos of cats doing foolish things (even for a cat). Then, I started to examine our mountains of BGP data and quickly noticed that the correct AS path ("Will the real YouTube please stand up?") was getting restored to most of our peers.

    The data points identified below are culled from over 250 peering sessions with 170 unique ASNs. While it is hard to describe exactly how widely this hijacked prefix was seen, we estimate that it was seen by a bit more than two-thirds of the Internet.

    This table shows the timing of the event and how quickly the route propagated (this is actually a fairly normal propagation pattern). The ASNs seeing the prefix were mostly transit ASNs below, so this means that these routes were distributed broadly across the Internet. Almost all of the default free zone (DFZ) carried the hijacked route at least briefly.

    18:47:00  uninterrupted videos of exploding jello

    18:47:45  first evidence of hijacked route propagating in Asia, AS path 3491 17557

    18:48:00  several big trans-Pacific providers carrying hijacked route (9 ASNs)

    18:48:30  several DFZ providers now carrying the bad route (and 47 ASNs)

    18:49:00  most of the DFZ now carrying the bad route (and 93 ASNs)

    18:49:30  all providers who will carry the hijacked route have it (total 97 ASNs)

    20:07:25  YouTube, AS 36561 advertises the /24 that has been hijacked to its providers

    20:07:30  several DFZ providers stop carrying the erroneous route

    20:08:00  many downstream providers also drop the bad route

    20:08:30  and a total of 40 some-odd providers have stopped using the hijacked route

    20:18:43  and now, two more specific /25 routes are first seen from 36561

    20:19:37  25 more providers prefer the /25 routes from 36561

    20:28:12  peers of 36561 start seeing the routes that were advertised to transit at 20:07

    20:50:59  evidence of attempted prepending, AS path was 3491 17557 17557

    20:59:39  hijacked prefix is withdrawn by 3491,