Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pakistan YouTube Block Breaks the World

Posted by ryuzaki0 on from the oops-they-did-it-again dept.

Allen54 noted a followup to yesterday's story about Pakistan's decision to block YouTube. He notes that "The telecom company that carries most of Pakistan's traffic, PCCW, has found it necessary to shut Pakistan off from the Internet while they filter out the malicious routes that a Pakistani ISP, PieNet, announced earlier today. Evidently PieNet took this step to enforce a decree from the Pakistani government that ISP's must block access to YouTube because it was a source of blasphemous content. YouTube has announced more granular routes so that at least in the US they supercede the routes announced by PieNet. The rest of the world is still struggling."

7 of 343 comments (clear)

  1. Re:But how did they do it? by rustalot42684 · · Score: 4, Interesting

    A zealous ISP ignorantly decides the best way to comply with the decree is to re-route all of YouTube's IP addresses to whatever site they thought was more appropriate. The first repercussion was that YouTube disappeared from the Internet for almost an hour. I suspect the second repercussion was that Pakistan's Internet access crawled to a halt as all of a sudden they were handling IP requests for one of the busiest sites in the world. So I suspect that they do have an AS number that allows them to upload global routes. I agree they should lose it though; censoring your own country is bad enough, but screwing up the rest of the world is absolutely unacceptable. I need my dancing cats!
  2. Re:But how did they do it? by suso · · Score: 5, Interesting

    Yeah that is very stupid. Why would you allow one of your customers to modify global routes when they don't have an AS number themselves?

    I imagine that this event will introduce a lot of people to how high level internet routing works. Yes, its that vulnerable folks. Scary, but fortunately these events don't happen often. I think back in late 90s was the time when someone in Pennsylvania introduced a global route for everything to go to 0.0.0.0, which brought everything down for a day.

  3. Gutenberg by Max_W · · Score: 5, Interesting
    Once the Islam world already did the same error. In 15th century when Gutenberg invented the printing press the Islam countries were a way ahead in science.

    But mullahs forbade printing for 200 years, while in Europe it exploded. Mostly it was silly: religious stuff, cartoons, sex, but it was also maps, mathematics, etc.

    Internet is about the same as an invention of printing was then. And again they are making the same mistake, again due to a fear of mullahs to lose their power.

    Like 500 years ago it will just slow the development of their civilization.

  4. Re:But how did they do it? by bluesky74656 · · Score: 5, Interesting

    Pakistan Telcom does have an ASN number. Just for kicks, try this:

    Head over to this site. It visualizes the BGP routes between different AS's. Click 'Start BGPlay'. The prefix in which YouTube lives is 208.65.153.0/24. Set the start time for about 24 Feb 2008 10:00, and the end time for about 25 Feb 2008 03:00 (times are UTC). Start the simulation.

    You'll see a bunch of ASNs. Two have red circles around them. You can get their name by clicking on the number. On the left is YouTube, and on the right is Pakistan Telcom. Click play and watch what happens.

    For those too lazy to actually watch this: All the routes destined for YouTube head towards Pakistan Telcom instead. Then, midway through, you see PCCW get wise and shut down those routes, and everyone slowly starts finding the actual YouTube. It's pretty neat to watch.

    --
    This page was generated by a Flock of Attack Kittens for you.
  5. Re:But how did they do it? by rs79 · · Score: 4, Interesting

    "The route was announced by AS17557"

    Youtube had a route for 208.65.152.0/22 (208.65.152.0 - 208.65.155.255), but Pakistan's main ISP in Hong Kong announced a route for 208.65.153.0/24 (208.65.153.0 - 208.65.153.255) to keep youtube off their net. What they didn't understand though is this really needs to be kept as a local routing policy so it only affected Pakistan, but it sorta snuck out and affected the entire network.

    Routing is the soft underbelly of the net.

    --
    Need Mercedes parts ?
  6. Re:CBG by Shakrai · · Score: 4, Interesting

    You must have missed the part of history class where they taught about the Lend-Lease Act. The US was very much involved in the war starting in March of 1941, we might not have had boots on the ground but without our help the UK wouldn't have stood much of a chance.

    And you must have missed the part of history class where they taught that the Battle of Britain started in June 1940, nine months prior to the passage of Lend-Lease.

    Seriously though even if Lend-Lease/other assistance (destroyers for bases comes to mind) was the sole thing that keep the Brits going, how does that diminish the bravery that they showed in continuing to fight on alone? They could have easily sought an armistice and probably would have emerged better off for doing so (the Empire would have survived instead of being bankrupted). The free world owes them a debt of gratitude for carrying on that fight even when things looked pretty bleak.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  7. Re:But how did they do it? by Fatal67 · · Score: 4, Interesting

    BGP does not rely on the honor system. Every provider has the ability to lock down announcements to the finest of detail. They may choose not to, but that's just piss poor network management.

    Every External BGP session (EBGP) SHOULD be configured with a very specific access list as to what that particular session will be allowed to announce to you.

    Obviously, tracking 20K plus announcements from a provider and creating an access list for it, daily, is a bit tedious. This is why Route Registries were created and many tools that will look up an AS in a route registry and generate the appropriate ACL are already in existence and in use. The problem is a lot of networks do not keep their registries up to date unless forced to by a peer / transit provider.

    A correctly configured session will allow only announcements of the specified address space at the specified length. Any major transit provider that allowed this should be looking at their advertisement policy and figuring out how to prevent it in the future. Solutions do exist and are used by the majority of large providers already.

    How the hell did /25's get propagated anyway? There are still transit networks that allow prefixes that small to be accepted externally?