Pakistan Hijacks YouTube IP Addresses > Great!

said by waynemr:

I'm curious if everything had been in IP6, if it would have been a problem? Doesn't IP6 include some authentication mechanisms that are absent in IP4?

said by quatrix:

Go ahead and take down a bunch of "websites", no problem. Now if we're talking about "web sites", that's another story.

said by flyingjoey:

Wait for those people in the offshore call centers to start becoming disgruntle, we’re all going to have to get new S.S. numbers, they’re going to F__K up our mortages, credit rating, banking information. Just wait and see.

said by flyingjoey:

I've said it from day one... We're teaching our enemies our technology and they will use it against us.

Wait for those people in the offshore call centers to start becoming disgruntle, we’re all going to have to get new S.S. numbers, they’re going to F__K up our mortages, credit rating, banking information. Just wait and see.

Conspiracy theory 101

said by pnh102:

So now it is possible for some turd world country to singlehandedly take down a major website. Why haven't we seen more of this sort of thing happening to other websites?

The security weakness lies in why those false instructions, which took YouTube offline for two hours on Sunday, were believed by routers around the globe. That's because Hong Kong-based PCCW, which provides the Internet link to Pakistan Telecom, did not stop the misleading broadcast--which is what most large providers in the United States and Europe do.

So why hasn't anyone done something about it? False broadcasts can amount to a denial-of-service attack and, if done with malicious intent, can send unsuspecting users to a fake bank, merchant, or credit card site.

To understand why this is both a serious Internet vulnerability and also difficult to fix requires delving into the technical details a little.

Kim Davies, ICANN's manager of route zone services, says ICANN isn't able to revoke the AS number of a misbehaving network provider. "It's best to think of them as similar to post codes or ZIP codes," Davies said. "We maintain a registry of them to ensure that they aren't conflicting."

If the address information provided by AS is reliable, all is well. But if an AS makes a false broadcast, because of a configuration mistake or for malicious reasons, all hell can break loose.

How could this have been prevented? First, Pakistan Telecom shouldn't have broadcast to the entire world that it was hosting YouTube's IP addresses. Second, Hong Kong-based PCCW could have recognized the broadcast as false and filtered it out.

An employee of PCCW, who wished to remain anonymous because he is not authorized to speak for the company, said that as soon as the false broadcast occurred, PCCW started receiving a flurry of phone calls from global ISPs wondering what had gone wrong. A YouTube representative also called.

One way to handle this is for network providers to be automatically notified when the virtual location of an Internet address changes, which is what some researchers have suggested in the form of a "hijack alert system." Another is to treat broadcasts with changes of addresses as suspicious for 24 hours and then accept them as normal. Simple filtering of broadcasts may not always work because some networks provide connectivity to customers with thousands of different routes.

Probably the most extensive countermeasure would be a technology like Secure BGP, which uses encryption to verify which network providers own Internet addresses and are authorized to broadcast changes. But Secure BGP has been around in one form or another form since 1998, and is still not a widely-used standard, mostly because it adds complexity and routers that understand will add additional cost.

At least that's been the conventional view. A high-profile incident like YouTube being knocked offline may accelerate this process, said Steven Bellovin of Columbia University. "I know there are serious deployment and operational issues," Bellovin said. "The question is this: When is the pain from routing incidents great enough that we're forced to act? It would have been nice to have done something before this, since now all the world's script kiddies have seen what can be done."

said by Linklist:

What do you think the chances are it will be implemented until some criminal org knocks a few countries off the air for days at a time?

said by Linklist:

So there is a probable fix, but it involves upgrading routers around the world. What do you think the chances are it will be implemented until some criminal org knocks a few countries off the air for days at a time?

said by pnh102:

As for authentication... I would hope that there is a better way to secure IP address blocks... or else we are in for a lot worse trouble.