On February 24th, 2008, YouTube's routing was hacked :-). Yeah, that's true. The Pakistani government notified PTA (Pakistan Telecommunication Authority) to block YouTube access from Pakistan, and they announced YouTube's IP block. The 16th Defcon conference describes the steps very nicely:

1. YouTube announces 5 prefixes: a /19, /20, /22 and two /24s. The /22 is 208.65.152.0/22.
2. Pakistan's government decides to block YouTube.
3. Pakistan Telecom internally nails up a more specific route (208.65.153.0/24) out of YouTube's /22 to null0 (the router's discard interface).
4. Somehow this gets redistributed from static -> BGP, then to PCCW.
5. The upstream provider sends the routes to everyone else.
6. Most of the net now goes to Pakistan for YouTube, and gets nothing!
7. YouTube responds by announcing both the /24 and two more specific /25s, with partial success.
8. PCCW turns off Pakistan Telecom peering two hours later.
9. 3 to 5 minutes afterward, the global BGP table is clean again.

Heheheh.. that's awesome. The details are on the RIPE website: http://www.ripe.net/news/study-youtube-hijacking.html

So if you're a transit ISP, please be careful. Please don't be lazy about applying appropriate prefix lists and AS-path filters.
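
The filtering advice above, together with the longest-prefix behaviour behind steps 3 to 7, as an added Python example (not taken from the Defcon talk or the RIPE study). The customer ASN 64500, the customer prefixes 198.51.100.0/24 and 203.0.113.0/24, the host 208.65.153.10 and the "owner"/"leak" labels are constructed for illustration.

```python
import ipaddress

# Constructed policy for one customer BGP session. The ASN and the customer
# prefixes are documentation values, not the real networks from the incident.
CUSTOMER_ASN = 64500
PREFIX_LIST = [  # (registered prefix, longest mask length accepted)
    (ipaddress.ip_network("198.51.100.0/24"), 24),
    (ipaddress.ip_network("203.0.113.0/24"), 24),
]
ALLOWED_ASNS = {64500}  # AS-path filter: only the customer's own AS may appear


def accept_route(prefix, as_path):
    """Return (accepted, reason) for a route received from the customer."""
    net = ipaddress.ip_network(prefix)
    if not as_path or as_path[0] != CUSTOMER_ASN:
        return False, "as-path: first AS is not the customer"
    if any(asn not in ALLOWED_ASNS for asn in as_path):
        return False, "as-path: unexpected AS in path"
    for registered, max_len in PREFIX_LIST:
        same_family = net.version == registered.version
        if same_family and net.subnet_of(registered) and net.prefixlen <= max_len:
            return True, "ok"
    return False, "prefix-list: not a registered customer prefix or too specific"


def best_route(dest, rib):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dest)
    covering = [(ipaddress.ip_network(p), origin) for p, origin in rib
                if addr in ipaddress.ip_network(p)]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)


if __name__ == "__main__":
    # Step 4: the /24 from the page arrives on the customer session and is refused.
    print(accept_route("208.65.153.0/24", [CUSTOMER_ASN]))
    # Steps 5-6: without that filter, the /24 beats the legitimate /22.
    rib = [("208.65.152.0/22", "owner"), ("208.65.153.0/24", "leak")]
    print(best_route("208.65.153.10", rib))
    # Step 7: the two /25 halves of the /24 are more specific still.
    leaked = ipaddress.ip_network("208.65.153.0/24")
    rib += [(str(n), "owner") for n in leaked.subnets(prefixlen_diff=1)]
    print(best_route("208.65.153.10", rib))
```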