nanog mailing list archives
RE: YouTube IP Hijacking
From: "John van Oppen" <john () vanoppen com>
Date: Sun, 24 Feb 2008 13:06:03 -0800
Looks like it just went back to normal: cr1-sea-A>show ip bgp 208.65.153.253 BGP routing table entry for 208.65.153.0/24, version 41150187 Paths: (3 available, best #3) Flag: 0x8E0 Advertised to update-groups: 1 3 4 6 13 14 16 3356 3549 36561, (Received from a RR-client) 208.76.153.126 (metric 110) from 208.76.153.126 (208.76.153.126) Origin IGP, metric 0, localpref 50, valid, internal Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2011 3549:4142 3549:30840 11404:1000 11404:1030 2914 3549 36561, (Received from a RR-client) 208.76.153.125 (metric 310) from 208.76.153.125 (208.76.153.125) Origin IGP, metric 0, localpref 49, valid, internal Community: 2914:420 2914:2000 2914:3000 11404:1000 11404:1010 3491 3549 36561 63.216.14.137 from 63.216.14.137 (63.216.14.9) Origin IGP, localpref 51, valid, external, best Community: 3491:2000 3491:2003 3491:3549 11404:1000 11404:1020 cr1-sea-A> Probably worth noting that the performace at least from our perspective (via PCCW) is abysmal. As a side note, I know PCCW allows unfiltered route-announcement capability to a large number of their customers, our feed appears to be that way (or they apply RADB filters instantly which would be a bit impressive). John van Oppen Spectrum Networks LLC 206.973.8302 (Direct) 206.973.8300 (main office) -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Tomas L. Byrnes Sent: Sunday, February 24, 2008 12:50 PM To: Will Hargrave; nanog () merit edu Subject: RE: YouTube IP Hijacking Pakistan is deliberately blocking Youtube. http://politics.slashdot.org/article.pl?sid=08/02/24/1628213 Maybe we should all block Pakistan.
-----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Will Hargrave Sent: Sunday, February 24, 2008 12:39 PM To: nanog () nanog org Subject: Re: YouTube IP Hijacking Sargun Dhillon wrote:So, it seems that youtube's ip block has been hijacked by a more specific prefix being advertised. This is a case of IPhijacking, notcase of DNS poisoning, youtube engineers doing somethingstupid, etc.For people that don't know. The router will try to get the most specific prefix. This is by design, not by accident.You are making the assumption of malice when the more likely cause is one of accident on the part of probably stressed NOC staff at 17557. They probably have that /24 going to a gateway walled garden box which replies with a site saying 'we have banned this', and that /24 route is leaking outside of their AS via PCCW due to dodgy filters/communities. Will
Current thread:
- Re: YouTube IP Hijacking, (continued)
- Re: YouTube IP Hijacking Will Hargrave (Feb 24)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
- Re: YouTube IP Hijacking Neil Fenemor (Feb 24)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
- Re: YouTube IP Hijacking Will Hargrave (Feb 24)
- Re: YouTube IP Hijacking Martin Hannigan (Feb 24)
- Re: YouTube IP Hijacking Simon Lockhart (Feb 24)
- Re: YouTube IP Hijacking Jim Mercer (Feb 25)
- Re: YouTube IP Hijacking Alexander Harrowell (Feb 25)
- Re: YouTube IP Hijacking Jim Mercer (Feb 25)
- RE: YouTube IP Hijacking Tomas L. Byrnes (Feb 24)
- Re: YouTube IP Hijacking Will Hargrave (Feb 24)
- RE: YouTube IP Hijacking John van Oppen (Feb 24)
- Re: YouTube IP Hijacking Max Tulyev (Feb 24)
- Re: YouTube IP Hijacking Jim Popovitch (Feb 24)
- ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking) Jeroen Massar (Feb 24)
- Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking) Mikael Abrahamsson (Feb 24)
- Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking) Hank Nussbacher (Feb 24)
- Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking) Jon Lewis (Feb 25)
- Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates (Was: YouTube IP Hijacking) Ross Vandegrift (Feb 25)
- Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates sthaug (Feb 25)
- Re: ISP's who where affected by the misconfiguration: start using IRR and checking your BGP updates Patrick W. Gilmore (Feb 26)