[102843] in North American Network Operators' Group


Re: RIPE NCC publishes case study of youtube.com hijack

daemon@ATHENA.MIT.EDU (David Ulevitch)
Fri Feb 29 14:11:22 2008

Date: Fri, 29 Feb 2008 10:49:30 -0800
From: David Ulevitch <davidu@everydns.net>
To: Danny McPherson <danny@tcb.net>
CC: NANOG NANOG <nanog@merit.edu>
In-Reply-To: <70F37B6C-E747-4591-8963-858245F2678E@tcb.net>
Errors-To: owner-nanog@merit.edu


Danny McPherson wrote:
> On Feb 29, 2008, at 7:46 AM, David Ulevitch wrote:
>>
>> It's worth noting that from where I sit, it appears as though none of 
>> Youtube's transit providers accepted this announcement.  Only their 
>> peers.
> 
> A simple artifact of shortest AS path route selection.

Well, we (YouTube and OpenDNS) share some common transit providers --
and so I had expected to see all announcements from one customer to
another customer directly downstream from the provider. But you very
well could be right.

> 
> Had those same providers explicitly not accepted the /24 announcement
> from AS 17557 via their peers you wouldn't have been affected at all.

Of course... In fact, wouldn't providers even benefit from having
some logic that says "don't ever accept a more specific of a
customer-announced prefix"?

Customers might not like that though... :-)

> You prevent this by ubiquitous deployment of explicit customer and inter-
> provider prefix filters, you don't open things up more so that when 
> problems occur, folks can try to hack around them.

Like most things, ymmv.

-David
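
The rule discussed in this message ("don't ever accept a more specific of a customer-announced prefix"), sketched as an added example that is not part of the original post or any router's configuration. The prefixes, the customer ASN 64500 and the peer ASNs are constructed; only AS 17557 and the /24 length come from the thread.

```python
import ipaddress

# Constructed sample data. Only AS 17557 and the /24 length come from the
# thread; the prefixes and customer ASN 64500 are illustrative assumptions.
CUSTOMER_ROUTES = {
    # prefix a customer announces to us directly -> that customer's origin AS
    ipaddress.ip_network("10.20.0.0/22"): 64500,
}

def evaluate_peer_route(prefix_str, as_path):
    """Apply the strict rule to a route learned from a peer.

    as_path is a list of ASNs with the origin last. Returns (action, reason).
    """
    prefix = ipaddress.ip_network(prefix_str)
    origin = as_path[-1]
    for cust, cust_origin in CUSTOMER_ROUTES.items():
        if prefix.version != cust.version:
            continue  # subnet_of() raises TypeError on mixed IPv4/IPv6
        if prefix != cust and prefix.subnet_of(cust):
            if origin == cust_origin:
                # The customer's own deaggregate arriving via another
                # network: the case customers "might not like".
                return ("reject", "same-origin more-specific of %s" % cust)
            return ("reject", "foreign-origin more-specific of %s" % cust)
    return ("accept", "not a more-specific of any customer prefix")

# Constructed routes as they might arrive over peering sessions.
SAMPLE_PEER_ROUTES = [
    ("10.20.1.0/24", [64510, 17557]),  # more-specific, different origin
    ("10.20.2.0/24", [64511, 64500]),  # more-specific, customer's own origin
    ("10.20.0.0/22", [64511, 64500]),  # same length: normal best-path rules
    ("10.30.0.0/24", [64510, 64501]),  # unrelated prefix
]

def run_samples():
    """Return the action taken for each constructed sample route."""
    return [evaluate_peer_route(p, path)[0] for p, path in SAMPLE_PEER_ROUTES]

if __name__ == "__main__":
    for p, path in SAMPLE_PEER_ROUTES:
        print(p, path, evaluate_peer_route(p, path))
```

The second sample shows the cost of the strict rule: a customer's own more-specific announced through another network is dropped along with the foreign one.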


