[102692] in North American Network Operators' Group
RE: YouTube IP Hijacking
daemon@ATHENA.MIT.EDU (Tomas L. Byrnes)
Sun Feb 24 23:39:40 2008
Date: Sun, 24 Feb 2008 20:38:29 -0800
In-Reply-To: <C2A06BB1-509D-43B5-A019-824671BDF5A5@delong.com>
From: "Tomas L. Byrnes" <tomb@byrneit.net>
To: "Owen DeLong" <owen@delong.com>
Cc: "Simon Lockhart" <simon@slimey.org>, "Michael Smith" <msmith@internap.com>,
<neil.fenemor@fx.net.nz>, <will@harg.net>, <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
Not if only trusted peers are allowed to advertise to that AS. It's the
same mechanism proposed for blackholing on destination to dampen DOS a
while back, except it is to prevent hijacking, and therefore doesn't run
afoul of the AT&T patent (and now the prior art for this is in the
public domain).
It's also something that can be built using the existing infrastructure,
and rough consensus.
> -----Original Message-----
> From: Owen DeLong [mailto:owen@delong.com]=20
> Sent: Sunday, February 24, 2008 8:25 PM
> To: Tomas L. Byrnes
> Cc: Simon Lockhart; Michael Smith; neil.fenemor@fx.net.nz;=20
> will@harg.net; nanog@merit.edu
> Subject: Re: YouTube IP Hijacking
>=20
>=20
> On Feb 24, 2008, at 2:14 PM, Tomas L. Byrnes wrote:
>=20
> >
> > I figured as much, but it was worth a try.
> >
> > Which touches on the earlier discussion of the null routing of /32s=20
> > advertised by a special AS (as a means of black-holing DDOS=20
> traffic).
> >
> > It seems to me that a more immediately germane matter regarding BGP=20
> > route propagation is prevention of hijacking of critical routes.
> >
> > Perhaps certain ASes that are considered "high priority",=20
> like Google,=20
> > YouTube, Yahoo, MS (at least their update servers), can be=20
> trusted to=20
> > propagate routes that are not aggregated/filtered, so as to=20
> give them=20
> > control over their reachability and immunity to longer-prefix=20
> > hijacking (especially problematic with things like MS update sites).
> >
> >
> That's just inviting the injection of forged AS routes to=20
> commit abuse.
>=20
> Owen
>=20
> >
> >> -----Original Message-----
> >> From: Simon Lockhart [mailto:simon@slimey.org]
> >> Sent: Sunday, February 24, 2008 2:07 PM
> >> To: Tomas L. Byrnes
> >> Cc: Michael Smith; neil.fenemor@fx.net.nz; will@harg.net;=20
> >> nanog@merit.edu
> >> Subject: Re: YouTube IP Hijacking
> >>
> >> On Sun Feb 24, 2008 at 01:49:00PM -0800, Tomas L. Byrnes wrote:
> >>> Which means that, by advertising routes more specific=20
> than the ones=20
> >>> they are poisoning, it may well be possible to restore universal=20
> >>> connectivity to YouTube.
> >>
> >> Well, if you can get them in there.... Youtube tried that,=20
> to restore=20
> >> service to the rest of the world, and the announcements didn't=20
> >> propogate.
> >>
> >> Simon
> >>
>=20
>=20
