Pakistan/YouTube incident: how common is hijacking

Chief Scientist at RIPE NCC, the European registry for Internet addresses, looks at what happened during Pakistan Telecom's hijacking of YouTube

When Pakistan Telecom blocked YouTube's traffic one Sunday evening in February, the ISP created an international incident that wreaked havoc on the popular video site for more than two hours.

RIPE NCC, the European registry for Internet addresses, has conducted an analysis of what happened during Pakistan Telecom's hijacking of YouTube's traffic and the steps that YouTube took to stop the attack.

We posed some questions to RIPE NCC's Chief Scientist Daniel Karrenberg about the YouTube incident. Here's what he had to say:

How frequently do hijacking incidents like the Pakistan Telecom/YouTube incident happen?

Misconfigurations of iBGP (internal BGP, the protocol used between the routers in the same Autonomous System) happen regularly and are usually the result of an error. One such misconfiguration caused the Pakistan Telecom/YouTube incident. It appears that the Pakistan Telecom/YouTube incident was not an "attack" as some have labeled it, but a configuration error.

What is significant about the YouTube incident?

This incident was significant simply because it affected a prominent Internet service and therefore caught the public's attention.

Your analysis shows that YouTube reacted 80 minutes after the attack and that the attack was over after about two hours. Can you put that timeframe in context? Is that fast or slow?

This is normal, perhaps on the quick side.

What could YouTube have done to stop the attack sooner?

Nothing. It's also worth noting, though, that if everyone were to announce /24s [relatively small blocks of address space], it would present a serious problem for the Internet routing system.

Is there any technology or standard on the horizon -- possibly DNS Security or Secure BGP -- that could help prevent these types of attacks?

Securing BGP certainly offers a solution for this attack. However, much could be done today without new technology if ISPs configured BGP properly.

Are other US Web sites vulnerable to a similar type of attack?

Yes.

What can network managers do to prevent or minimize these types of attacks?

Network managers should do what they can to ensure that their ISPs and peers configure BGP properly.

Can I get more information about RIPE's Routing Information Service tools that were used to observe this event? Are these tools available to enterprise network managers? How much do they cost?

There's a full introduction to RIPE NCC's Routing Information Services available. But in short, the tools are free to use, and the service is financed by the RIPE NCC membership for the benefit of the whole Internet community.

What about the BGPlay visualization tool (mentioned in the case study)? Is that available, too? How much does it cost?

Yes, BGPlay is available publicly and can be used free of charge. For more information, see this site.

Your case study mentions that the RIPE community is discussing the introduction of digital certificates for Internet number resources. How would this help avoid this type of attack? What is the status of that roll-out?

Certification, in this context, would be an enhancement for good BGP configuration. Discussions about the adoption of certification in the RIPE NCC service region are still being conducted, led by the RIPE Certification Task Force. More information on this task force, and on certification in general, is available at here.

Some decisions in this area are due to be made at RIPE 56 meeting in Berlin in May 2008.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Carolyn Duffy Marsan

Network World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?