 |
 | 
fireflier
Coffee. . .Need Coffee
Premium
join:2001-05-25
Limbo | Re: An accident or Pakistan sending a msg to Google ? I thought they were pissed about the cartoons on Wikipedia? | |
|
| | 
S_engineer
join:2007-05-16
Chicago, IL
| Re: An accident or Pakistan sending a msg to Google ? said by fireflier  :I thought they were pissed about the cartoons on Wikipedia? there are some cartoons floating on youtube, but who gives a rats arse! If these idiots will down a ISP because on content regarding MMMOOOOOOOOOOOOhammed, what will they do with pron, or any thing else that offends them.
This is the ultimnate political correctness! | |
|
| | |
S_engineer
join:2007-05-16
Chicago, IL
| Re: An accident or Pakistan sending a msg to Google ? said by S_engineer :said by fireflier :I thought they were pissed about the cartoons on Wikipedia? ultimnate *ultimate* sorry | |
|
| 
Dude111
An Awesome Dude
Premium
join:2003-08-04
USA | I agree with this!
quote:
they may have been sending Google a message for having refused to delete the Muhammad cartoons on YouTube.
| |
|
dispatcher21
join:2004-01-22
Walla Walla, WA | Durka Durka Durka I'm thinking accident. Would someone really do something like this on purpose knowing it would be notcied big time? | |
|
| deepblackmag
join:2004-12-27
99999
| Re: Durka Durka Durka With the incompetence of the average techs I deal with from that part of the world (who are ALL PHDs and CCIEs im sure *choughcheaterscough*) its clearly an accident. The idiots dont understand how to configure BGP properly and probablly just started redistributing everything from their IGP.
Too bad they let them back on the internet. | |
|
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
 ·Comcast
| Great! So now it is possible for some turd world country to singlehandedly take down a major website. Why haven't we seen more of this sort of thing happening to other websites?
--
This isn't fair! I was only supposed to hate just ONE presidential candidate! | |
|
| quatrix
join:2005-02-11
Davie, FL | Re: Great! Go ahead and take down a bunch of "websites", no problem. Now if we're talking about "web sites", that's another story. | |
|
| | |
| waynemr
join:2002-01-28
Madison, WI
| You know, I was thinking the exact thing. If it is that easy, what sort of a house of cards have we built?
I'm curious if everything had been in IP6, if it would have been a problem? Doesn't IP6 include some authentication mechanisms that are absent in IP4? | |
|
| |
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
·Comcast
| Re: Great! said by waynemr :I'm curious if everything had been in IP6, if it would have been a problem? Doesn't IP6 include some authentication mechanisms that are absent in IP4? From what I can conclude... IPv6 is the gallium arsenide of the network world... like the "semiconductor of the future... always has been, and always will be." 
As for authentication... I would hope that there is a better way to secure IP address blocks... or else we are in for a lot worse trouble.
--
This isn't fair! I was only supposed to hate just ONE presidential candidate! | |
|
| | | rahvin112
join:2002-05-24
Sandy, UT
| Re: Great! For all you paranoid that some country is going to do this to shutdown sites they disagree with, consider for a moment that it won't take very many phone calls to you ISP before they and the backbone operators blacklist the entire netblock for the country in question.
So if they want to shut down some site they can accomplish it for a short period, but afterwards the entire country or ISP responsible will be suddenly without routeable internet addresses and all the citizens could access would be in the country that tried this tactic. Given the seriousness of poisoning the IP stack it wouldn't be long before ARIN acted to permanently revoke the IP addresses of the offending computers and it would likely be a long time before said country could route to much of the rest of the world as each ISP would have to take down their blacklisting. | |
|
| | | patcat88
join:2002-04-05
Jamaica, NY
| said by pnh102 :As for authentication... I would hope that there is a better way to secure IP address blocks... or else we are in for a lot worse trouble. BGP (the internet's routing protocol) is as unsecure as SMTP email. Its amazing we don't have more problems. Both need to die. If this was the 1970s, this would be a case of someone with a blue box seriously screwing up a telco switch. There is a reason SS7 is out of band today, why is BGP still in band? | |
|
| | | | 
LilYoda
Feline with squirel personality disorder
Premium
join:2004-09-02
Mountains
| Re: Great! said by patcat88 :why is BGP still in band? Know of many other routing protocols that can handle that many routes, spread on that many autonomous systems? I'm not even sure IS-IS can...
--
Nicotine reaches and triggers the reward circuits of the brain in 7 seconds. Beat that, Work! | |
|
| flyingjoey
join:2005-11-07
Jersey City, NJ
 ·Verizon FIOS
| I've said it from day one... We're teaching our enemies our technology and they will use it against us.
Wait for those people in the offshore call centers to start becoming disgruntle, we’re all going to have to get new S.S. numbers, they’re going to F__K up our mortages, credit rating, banking information. Just wait and see.
Conspiracy theory 101  | |
|
| |
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
·Comcast
| Re: Great! said by flyingjoey :Wait for those people in the offshore call centers to start becoming disgruntle, we’re all going to have to get new S.S. numbers, they’re going to F__K up our mortages, credit rating, banking information. Just wait and see. That has already been happening.
But I blame the banks and other companies that have been allowed to offshore our personal information with such wanton disregard for security.
--
This isn't fair! I was only supposed to hate just ONE presidential candidate! | |
|
| | 
crippy
Premium
join:2005-05-17
some place | so true.. i can see it coming  | |
|
| | 
ShadPTR
join:2008-01-23
Markham, ON
 ·TekSavvy Solutions..
| said by flyingjoey :I've said it from day one... We're teaching our enemies our technology and they will use it against us. Wait for those people in the offshore call centers to start becoming disgruntle, we’re all going to have to get new S.S. numbers, they’re going to F__K up our mortages, credit rating, banking information. Just wait and see. Conspiracy theory 101 Lol...and you don't think your gov't does this to you already? | |
|
| | | flyingjoey
join:2005-11-07
Jersey City, NJ
·Verizon FIOS
| Re: Great! stop bitchin'... Canada is ours too... that's our backyard
Just kidding... I tell this to my canadian cousins just to bother them | |
|
| | ReneM
join:2003-07-18
Cockeysville, MD
| Our technology???
Luckily it's the www and not the usn (united states network). And going with that please thank German technology for the Saturn V and German/British/Swiss/Jewish/Polish technology for the nukes. While were at it, send a letter to Italian Leonardo for most of the basic science/technology principles used by the US. | |
|
| | | 
digitalfreak
Frodo failed. Bush has the ring
join:2005-12-09
Blacklick, OH | Re: Great! The Internet was created by the US government (ARPANET), so technically it is "our" technology. It was opened up and other countries were allowed to join. | |
|
| | | | 
work
@charter.com
| Re: Great! well... there was also a simultaneous project working on the same thign in switzerland, memory serving.
makes ya kinda wonder, really, if there were other projects working on the same idea, but becuse of hte US project they sorta scrapped it when DARPAnet went public? | |
|
|
factchecker
@cox.net
| said by pnh102 :So now it is possible for some turd world country to singlehandedly take down a major website. Why haven't we seen more of this sort of thing happening to other websites? It has ALWAYS been possible via BGP route announcements. The only reason this problem happened with an upstream provider failed to filter BGP announcements correctly. The finger pointing needs to be at PCCW, not the Pakistani Telecom guys. | |
|
| 
TK Junk Mail
Go ahead, make my day
Premium
join:2002-03-03
Margate City, NJ
clubs:
·Comcast
| »www.news.com/8301-10784_3-987865···1_3-0-20
The security weakness lies in why those false instructions, which took YouTube offline for two hours on Sunday, were believed by routers around the globe. That's because Hong Kong-based PCCW, which provides the Internet link to Pakistan Telecom, did not stop the misleading broadcast--which is what most large providers in the United States and Europe do.
So why hasn't anyone done something about it? False broadcasts can amount to a denial-of-service attack and, if done with malicious intent, can send unsuspecting users to a fake bank, merchant, or credit card site.
To understand why this is both a serious Internet vulnerability and also difficult to fix requires delving into the technical details a little.
Kim Davies, ICANN's manager of route zone services, says ICANN isn't able to revoke the AS number of a misbehaving network provider. "It's best to think of them as similar to post codes or ZIP codes," Davies said. "We maintain a registry of them to ensure that they aren't conflicting."
If the address information provided by AS is reliable, all is well. But if an AS makes a false broadcast, because of a configuration mistake or for malicious reasons, all hell can break loose.
How could this have been prevented? First, Pakistan Telecom shouldn't have broadcast to the entire world that it was hosting YouTube's IP addresses. Second, Hong Kong-based PCCW could have recognized the broadcast as false and filtered it out.
An employee of PCCW, who wished to remain anonymous because he is not authorized to speak for the company, said that as soon as the false broadcast occurred, PCCW started receiving a flurry of phone calls from global ISPs wondering what had gone wrong. A YouTube representative also called.
One way to handle this is for network providers to be automatically notified when the virtual location of an Internet address changes, which is what some researchers have suggested in the form of a "hijack alert system." Another is to treat broadcasts with changes of addresses as suspicious for 24 hours and then accept them as normal. Simple filtering of broadcasts may not always work because some networks provide connectivity to customers with thousands of different routes.
Probably the most extensive countermeasure would be a technology like Secure BGP, which uses encryption to verify which network providers own Internet addresses and are authorized to broadcast changes. But Secure BGP has been around in one form or another form since 1998, and is still not a widely-used standard, mostly because it adds complexity and routers that understand will add additional cost.
At least that's been the conventional view. A high-profile incident like YouTube being knocked offline may accelerate this process, said Steven Bellovin of Columbia University. "I know there are serious deployment and operational issues," Bellovin said. "The question is this: When is the pain from routing incidents great enough that we're forced to act? It would have been nice to have done something before this, since now all the world's script kiddies have seen what can be done." So there is a probable fix, but it involves upgrading routers around the world. What do you think the chances are it will be implemented until some criminal org knocks a few countries off the air for days at a time?
--
My BLOG .. .. Internet News .. .. My Web Page | |
|
| |
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
·Comcast
| Re: News item on HOW this may be prevented in the future said by TK Junk Mail :What do you think the chances are it will be implemented until some criminal org knocks a few countries off the air for days at a time? Approximately 0.00%.
--
This isn't fair! I was only supposed to hate just ONE presidential candidate! | |
|
| | |
| |
tomkb
Premium
join:2000-11-15
Avon, OH
clubs:
edit:
February 25th, @09:11AM
| crap They have declared jihad on themselves.
>>>Apparently the country of Pakistan had to be taken offline while the entire mess was sorted out. | |
|
| 
Camelot One
Premium,MVM
join:2001-11-21
Austin, TX
clubs:
 ·VoicePulse
| Re: crap said by tomkb :They have declared jihad on themselves. >>>Apparently the country of Pakistan had to be taken offline while the entire mess was sorted out. I say we just leave them offline.
--
Intel Quad Core QX6700 @3500Mhz/Asus P5N32-E SLI/4x 1024Mb Corsair/Seagate 750.10/PNY 7800GTs SLI/Silverstone 850W/Custom water cooler | |
|
gaforces
United We Stand, Divided We Fall
join:2002-04-07
Santa Cruz, CA | Censorship Another plug for separation of church and state.
--
Vista ~ Less functional every day! | |
|
| 
Yauch
join:2005-06-24
| Re: Censorship said by gaforces :Another plug for separation of church and state. Yes, the separation of church and state must be enforced to assure unfettered access to funny cat videos for all. | |
|
soulcatch
@cox.net | Censorship, got to love it. LOL, And people want the UN to be in charge of DNS. | |
|
JPuppy
Java Heathen
Premium
join:2002-11-24
Glassboro, NJ
clubs:
| Eh, Whatever Pakistan is free to block Youtube to its citizens. It's abhorrent, but not surprising.
Regarding the 'hijacking', if the country continues to have accidents like this, they'll soon find themselves on a network of their own when foreign providers start refusing to peer with the troublemakers.
--
Only through the criticizing of others can we learn to love ourselves. | |
|
|
| vasta
join:2003-04-07
Orlando, FL | Re: interesting offensive material on youtube? i for one think the only offensive thing on youtube is that chocolate rain video | |
|
| |
TSI Gabe
Network Kung Fu
Premium,VIP
join:2007-01-03
Chatham, ON
| Wrong BGP advertisement From the description offered here. It appears that the Pakistan ISP injected the route through BGP to the internet and it did not get filtered by the upstream provider. It looks like that upstream provider doesn't have any good filtering policies whatsoever as it let this go through.
Unfortunately, there is nothing that can be done to really stop this problem as this is an actual limitation of BGP.
--
TSI Gabe - TekSavvy Solutions Inc. | |
|
| |
|
factchecker
@cox.net
| Thank you, someone with a clue commenting on the article.
You have gotten exactly what happen right to the T. PCCW dropped the ball by having poor filtering (actually, according to the NANOG discussion, NO filtering) in place.
All the screaming and whining about it being an Islamic strike at the internet lacks merit since there is no evidence to support it. | |
|
| | 
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Netcong, NJ
| Re: Wrong BGP advertisement said by factchecker :
You have gotten exactly what happen right to the T. PCCW dropped the ball by having poor filtering (actually, according to the NANOG discussion, NO filtering) in place.
It sure is a fun conspiracy theory though for those that don't understand how the internets work.
There were two mistakes made it seems:
-The Pakistani ISP probably saw setting up an INTERNAL route as an easy way to propagate the youtube IPs throughout their own network where there was either an alternate site or some kind of proxy waiting to answer. But they screwed up and let the route go both external and internal.
-PCCW screwed up big time by not having route filters in place that only let the Pakistani ISP's netblocks through (although maintaining such a thing can be a bitch).
It took both mistakes for the routes to leak out... | |
|
| 
devrandom
I got a pot, full of random stuff here
Premium
join:2003-06-28
| said by TSI Gabe :From the description offered here. It appears that the Pakistan ISP injected the route through BGP to the internet and it did not get filtered by the upstream provider. It looks like that upstream provider doesn't have any good filtering policies whatsoever as it let this go through. Unfortunately, there is nothing that can be done to really stop this problem as this is an actual limitation of BGP. Threads of interest on NANOG (for the technically minded):
»www.merit.edu/mail.archives/nano···299.html
»www.merit.edu/mail.archives/nano···314.html | |
|
| 
refused
keeping IT real
join:2005-10-10
Redding, CA | BGP = blasphemous gateway protocol | |
|
AnonProxy
Proxy of Anon
Premium
join:2001-05-12
ß | Now you know why the fiber was cut Not as some spy thing or because we were tapping lines, it was to cut off the nefarious western influences of YouTube. | |
|
Alphy
join:2001-12-31
Troy, MI | Red herring President of Pakistan and the ruling cadre weren't too keen on open media; there were some videos of undercover voting "irregularities" during the election. | |
|
nutcr0cker
join:2003-04-02
Chandler, AZ
| you tube is offensive Now just think about all the spam the you tube admins will have to put up with including a million threats of beheading the islamic way. I pity those poor bastards. Seems like the 3-billion dollar aid we give to pakistan was effectively used to curb freedom of expression. Wounder if dubya would be implementing similar technology during his tenure | |
|
| gower2352
join:2005-06-08
Weston, WV
·Rapid Cable
| Re: you tube is offensive said by nutcr0cker :Now just think about all the spam the you tube admins will have to put up with including a million threats of beheading the islamic way. I pity those poor bastards. Seems like the 3-billion dollar aid we give to pakistan was effectively used to curb freedom of expression. Wounder if dubya would be implementing similar technology during his tenure fuck him if he does | |
|
dcsos
@verizon.net | You Tube Outage And I was trying to upload when it happened. I almost called VERIZON till i noticed my neighbor could get it fine (he's on Road Runner, no outage) | |
|
garmst
join:2000-09-17
New York, NY
| Freedom of expression does not exist in Islam Your silly Western notions of total freedom of expression does not work there or the other many locations in the world where Islam is the predominant religion. It is spreading as well. Get used to it. Coming to a neighborhood near you.
No this is not phobic, this is reality. | |
|
|
See 6 replies to this post |
|
Edward1978
join:2007-07-23
De Soto, IL | They can't let people see Women with their faces showing, jobs, voting & any other real freedom. | |
|
mrchris
Premium
join:2002-10-01
North Babylon, NY | *.pk If the administration of Pakistan is behind this, let Youtube ban the Pakastani domain for a month or two. | |
|
clrankin
Premium
join:2002-03-05
Purcellville, VA
| Too bad... ...we just didn't leave Pakistan offline entirely. If these people want to live in the dark ages with the rest of their society, they certainly don't need to participate in an online society.
Hopefully their citizenry will grow tired enough of this censorship and forced religion that some day they will rise up and overthrow the government.
--
Some terrorists don't wear rags on their head, go without showers for weeks, and smell like camel crap. Instead they live in America and support Hillary Clinton and Barack Obama for president. | |
|
| |
|
Pakistani Rasta
@ameritech.net
| said by clrankin :...we just didn't leave Pakistan offline entirely. If these people want to live in the dark ages with the rest of their society, they certainly don't need to participate in an online society. I think you might be missing the whole point of this "Internet" thing.
The idea here is that the Internet exposes people to ideas (and other people) that they otherwise might not be exposed to. Whether or not these particular ideas are any good is for individuals (not governments) to decide.
Anyone who claims that Pakistan (or any other country for that matter) doesn't "need to" participate in an online society....is missing the point of an online society.
If you want to see Pakistan remain in the "dark ages," with no hope of being exposed to Western ideas, then by all means keep talking the way you're talking.
You know, I thought I could claim that the Pakistanis had a lock on medieval, narrow-minded thinking, but it's become clear they enjoy no such monopoly. | |
|
sunny8294
Shqipe
join:2001-03-15
Localhost ;) | omg omg, the end of the internet 
RIP The Internet
--
.:: Sunny ::. | |
|
robertg1234
join:2004-04-19
Palo Alto, CA
edit:
February 25th, @07:28PM
| Let Me Quote From The Oracle! Somebody forgot their BGP "condom". As an experienced network engineer with 18 years behind me (blah blah blah ...), let me describe How To Apply And Use Your Condom:
[Straight From The Oracle -- aka: cisco.com]
How to Configure BGP Prefix-Based Route Filtering
The BGP Prefix-Based Route Filtering supports prefix length matching, wild-card based prefix matching, and exact address prefix matching for address family support.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip prefix-list list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]
4. router bgp as-number
5. address-family {ipv4 | ipv6 | vpnv4| [multicast | unicast | vrf {vrf-name}]
6. neighbor ip-address remote-as as-number
7. neighbor ip-address ebgp-multihop [hop-count]
8. neighbor ip-address capability orf prefix-list [send | receive | both]
9. neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out}
10. end
11. clear ip bgp {ip-address | *} in prefix-filter
NOW, APPLY YOUR CONDOM LIBERALLY AT ALL YOUR ORIFICES (eg: all your BGP exit points)
[edit} I just found this out:
"background: use of condoms for prevention of sexually transmitted infections including hiv/aids in pakistan is very low"
So that's why they had "leakage" from their "condom" ... :P | |
|
|
|
|
|
Pakistan Hijacks YouTube IP Addresses
An accident or Pakistan sending a msg to Google ?
·