[102697] in North American Network Operators' Group
Re: YouTube IP Hijacking
daemon@ATHENA.MIT.EDU (Rick Astley)
Mon Feb 25 01:59:26 2008
Date: Mon, 25 Feb 2008 01:20:08 -0500
From: "Rick Astley" <jnanog@gmail.com>
To: "Tomas L. Byrnes" <tomb@byrneit.net>
Cc: nanog@merit.edu
In-Reply-To: <70D072392E56884193E3D2DE09C097A9EF16@pascal.zaphodb.org>
Errors-To: owner-nanog@merit.edu
------=_Part_6162_24346913.1203920408888
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
It does sort of shed light on a sobering fact that some of the PCCW's of the
world are not using proper filtering, and with a coordinated effort, someone
could inject a large number of routes into the global routing table through
them effectively taking offline much of the Internet.
Anything more specific than a /24 would get blocked by many filters, so some
of the "high target" sites may want to announce their mission critical IP
space as /24 and avoid using prepends.
If the PCCW's of the world are not going to sanity check inbound
announcements from some of their peers, they should at least be prepending
them to help fight abuse of this nature (accidental or not).
Also, IANAL, but there seems to be a misconception of what AT&T's DDoS
patent (application 20060031575) covers. The patent is not simply about
blackholing an IP address, it claims "Such a selective black-holing scheme
can be used to allow some traffic to continue in route to the IP address
under attack, while other traffic is diverted."
So simply blackholing everything destined to an IP address does not seem to
conflict with the patent.
As a side note, it will be interesting to see how the youtube posters
respond to this.
If Pakistan thought the site was offensive before, I doubt they will be
amused at the backlash that will probably occur as the result of this.
I have a feeling youtubers will be trying to 1up each other for most
offensive video.
------=_Part_6162_24346913.1203920408888
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
It does sort of shed light on a sobering fact that some of the PCCW's of the world are not using proper filtering, and with a coordinated effort, someone could inject a large number of routes into the global routing table through them effectively taking offline much of the Internet.<br>
<br>Anything more specific than a /24 would get blocked by many filters, so some of the "high target" sites may want to announce their mission critical IP space as /24 and avoid using prepends.<br><br>If the PCCW's of the world are not going to sanity check inbound announcements from some of their peers, they should at least be prepending them to help fight abuse of this nature (accidental or not).<br>
<br>Also, IANAL, but there seems to be a misconception of what AT&T's DDoS patent (application 20060031575) covers. The patent is not simply about blackholing an IP address, it claims "Such a selective black-holing scheme can be used to allow some traffic to continue in route to the IP address under attack, while other traffic is diverted."<br>
<br>So simply blackholing everything destined to an IP address does not seem to conflict with the patent.<br><br>As a side note, it will be interesting to see how the youtube posters respond to this.<br>If Pakistan thought the site was offensive before, I doubt they will be amused at the backlash that will probably occur as the result of this.<br>
<br>I have a feeling youtubers will be trying to 1up each other for most offensive video.<br>
------=_Part_6162_24346913.1203920408888--
