nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: YouTube IP Hijacking

From: "John van Oppen" <john () vanoppen com>
Date: Sun, 24 Feb 2008 13:06:03 -0800

Looks like it just went back to normal:

cr1-sea-A>show ip bgp 208.65.153.253
BGP routing table entry for 208.65.153.0/24, version 41150187
Paths: (3 available, best #3)
Flag: 0x8E0
  Advertised to update-groups:
     1          3          4          6          13         14
16        
  3356 3549 36561, (Received from a RR-client)
    208.76.153.126 (metric 110) from 208.76.153.126 (208.76.153.126)
      Origin IGP, metric 0, localpref 50, valid, internal
      Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2011
3549:4142 3549:30840 11404:1000 11404:1030
  2914 3549 36561, (Received from a RR-client)
    208.76.153.125 (metric 310) from 208.76.153.125 (208.76.153.125)
      Origin IGP, metric 0, localpref 49, valid, internal
      Community: 2914:420 2914:2000 2914:3000 11404:1000 11404:1010
  3491 3549 36561
    63.216.14.137 from 63.216.14.137 (63.216.14.9)
      Origin IGP, localpref 51, valid, external, best
      Community: 3491:2000 3491:2003 3491:3549 11404:1000 11404:1020
cr1-sea-A>



Probably worth noting that the performace at least from our perspective
(via PCCW) is abysmal.    As a side note, I know PCCW allows unfiltered
route-announcement capability to a large number of their customers, our
feed appears to be that way (or they apply RADB filters instantly which
would be a bit impressive).   



John van Oppen
Spectrum Networks LLC
206.973.8302 (Direct)
206.973.8300 (main office)

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Tomas L. Byrnes
Sent: Sunday, February 24, 2008 12:50 PM
To: Will Hargrave; nanog () merit edu
Subject: RE: YouTube IP Hijacking


Pakistan is deliberately blocking Youtube.

http://politics.slashdot.org/article.pl?sid=08/02/24/1628213

Maybe we should all block Pakistan.

 


-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On 
Behalf Of Will Hargrave
Sent: Sunday, February 24, 2008 12:39 PM
To: nanog () nanog org
Subject: Re: YouTube IP Hijacking


Sargun Dhillon wrote:


So, it seems that youtube's ip block has been hijacked by a more 
specific prefix being advertised. This is a case of IP 

hijacking, not 

case of DNS poisoning, youtube engineers doing something 

stupid, etc.

For people that don't know. The router will try to get the most 
specific prefix. This is by design, not by accident.


You are making the assumption of malice when the more likely 
cause is one of accident on the part of probably stressed NOC 
staff at 17557.

They probably have that /24 going to a gateway walled garden 
box which replies with a site saying 'we have banned this', 
and that /24 route is leaking outside of their AS via PCCW 
due to dodgy filters/communities.

Will
Previous By Date Next
Previous By Thread Next

Current thread: