Pakistan/YouTube incident: how common is hijacking

Chief Scientist at RIPE NCC, the European registry for Internet addresses, looks at what happened during Pakistan Telecom's hijacking of YouTube

When Pakistan Telecom blocked YouTube's traffic one Sunday evening in February, the ISP created an international incident that wreaked havoc on the popular video site for more than two hours.

RIPE NCC, the European registry for Internet addresses, has conducted an analysis of what happened during Pakistan Telecom's hijacking of YouTube's traffic and the steps that YouTube took to stop the attack.

We posed some questions to RIPE NCC's Chief Scientist Daniel Karrenberg about the YouTube incident. Here's what he had to say:

How frequently do hijacking incidents like the Pakistan Telecom/YouTube incident happen?

Misconfigurations of iBGP (internal BGP, the protocol used between the routers in the same Autonomous System) happen regularly and are usually the result of an error. One such misconfiguration caused the Pakistan Telecom/YouTube incident. It appears that the Pakistan Telecom/YouTube incident was not an "attack" as some have labeled it, but a configuration error.

What is significant about the YouTube incident?

This incident was significant simply because it affected a prominent Internet service and therefore caught the public's attention.

Your analysis shows that YouTube reacted 80 minutes after the attack and that the attack was over after about two hours. Can you put that timeframe in context? Is that fast or slow?

This is normal, perhaps on the quick side.

What could YouTube have done to stop the attack sooner?

Nothing. It's also worth noting, though, that if everyone were to announce /24s [relatively small blocks of address space], it would present a serious problem for the Internet routing system.

Is there any technology or standard on the horizon -- possibly DNS Security or Secure BGP -- that could help prevent these types of attacks?

Securing BGP certainly offers a solution for this attack. However, much could be done today without new technology if ISPs configured BGP properly.

Are other US Web sites vulnerable to a similar type of attack?

Yes.

What can network managers do to prevent or minimize these types of attacks?

Network managers should do what they can to ensure that their ISPs and peers configure BGP properly.

Can I get more information about RIPE's Routing Information Service tools that were used to observe this event? Are these tools available to enterprise network managers? How much do they cost?

There's a full introduction to RIPE NCC's Routing Information Services available. But in short, the tools are free to use, and the service is financed by the RIPE NCC membership for the benefit of the whole Internet community.

What about the BGPlay visualization tool (mentioned in the case study)? Is that available, too? How much does it cost?

Yes, BGPlay is available publicly and can be used free of charge. For more information, see this site.

Your case study mentions that the RIPE community is discussing the introduction of digital certificates for Internet number resources. How would this help avoid this type of attack? What is the status of that roll-out?

Certification, in this context, would be an enhancement for good BGP configuration. Discussions about the adoption of certification in the RIPE NCC service region are still being conducted, led by the RIPE Certification Task Force. More information on this task force, and on certification in general, is available at here.

Some decisions in this area are due to be made at RIPE 56 meeting in Berlin in May 2008.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Carolyn Duffy Marsan

Network World

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?