Recovering from stuck modifier keys caused by VMware
Malaysia Federal and State Public Holiday for 2008
Chua Soi Lek confess he's the one in the sex DVD
What US soldiers do when they run out of Iraqis and Afghans to kill
Man Holds Record For Being Thrown By Car
Your hand is on my boobs
Weird tea-party
Didelphic Uterus
Rugby is for gay man
Free Plone Website Hosting
Forgot your password?
New user?
Home
Pakistan hijacks YouTube
The world deprived from exploding jello
From Renesys.com...
A few hours ago, Pakistan Telecom (AS 17557) began advertising a small part of YouTube's (AS 36561) assigned network. This story is almost as old as BGP. Old hands will recognize this as, fundamentally, the same problem as the infamous AS 7007 from 1997, a more recent ConEd mistake of early 2006 and even TTNet's Christmas Eve gift 2005.
Just before 18:48 UTC, Pakistan Telecom, in response to government order to block access to YouTube (see news item) started advertising a route for 208.65.153.0/24 to its provider, PCCW (AS 3491). For those unfamiliar with BGP, this is a more specific route than the ones used by YouTube (208.65.152.0/22), and therefore most routers would choose to send traffic to Pakistan Telecom for this slice of YouTube's network.
I became interested in this immediately as I was concerned that I wouldn't be able to spend my evening watching imbecilic videos of cats doing foolish things (even for a cat). Then, I started to examine our mountains of BGP data and quickly noticed that the correct AS path ("Will the real YouTube please stand up?") was getting restored to most of our peers.
The data points identified below are culled from over 250 peering sessions with 170 unique ASNs. While it is hard to describe exactly how widely this hijacked prefix was seen, we estimate that it was seen by a bit more than two-thirds of the Internet.
This table shows the timing of the event and how quickly the route propagated (this is actually a fairly normal propagation pattern). The ASNs seeing the prefix were mostly transit ASNs below, so this means that these routes were distributed broadly across the Internet. Almost all of the default free zone (DFZ) carried the hijacked route at least briefly.
18:47:00 uninterrupted videos of exploding jello 18:47:45 first evidence of hijacked route propagating in Asia, AS path 3491 17557 18:48:00 several big trans-Pacific providers carrying hijacked route (9 ASNs) 18:48:30 several DFZ providers now carrying the bad route (and 47 ASNs) 18:49:00 most of the DFZ now carrying the bad route (and 93 ASNs) 18:49:30 all providers who will carry the hijacked route have it (total 97 ASNs) 20:07:25 YouTube, AS 36561 advertises the /24 that has been hijacked to its providers 20:07:30 several DFZ providers stop carrying the erroneous route 20:08:00 many downstream providers also drop the bad route 20:08:30 and a total of 40 some-odd providers have stopped using the hijacked route 20:18:43 and now, two more specific /25 routes are first seen from 36561 20:19:37 25 more providers prefer the /25 routes from 36561 20:28:12 peers of 36561 start seeing the routes that were advertised to transit at 20:07 20:50:59 evidence of attempted prepending, AS path was 3491 17557 17557 20:59:39 hijacked prefix is withdrawn by 3491, who disconnect 17557 21:00:00 the world rejoices; Leeroy Jenkins online again.
E-mail - All
