PAKISTAN’S ACCIDENTAL YOUTUBE RE-ROUTING EXPOSES TRUST FLAW IN NET






A Pakistan ISP that was ordered to censor YouTube accidentally managed to take down the video site around the world for several hours Sunday.


The Pakistani government ordered ISPs to censor YouTube to prevent Pakistanis from seeing a trailer to an anti-Islamic film by Dutch politician Geert Wilders. YouTube has since removed the clip for violating its terms of service, but a screenshot of the film, available via Google, shows a crude drawing of a pig defecating with the word Allah underneath it.

Pakistan Telecom complied by changing the BGP entry for YouTube — essentially updating its local internet address book for where YouTube’s section of the internet is. The idea was to direct its internet users to a page that said YouTube was blocked.

Unfortunately, the ISP announced the new route to upstream providers. The upstream providers didn’t verify the new route but accepted it and then passed it along, cascading the bad address around the net, until most everyone using the net on Sunday would have been directed to the Pakistani ISP’s network block. The blunder not only took down YouTube, but also choked the Pakistani ISP, which was quickly deluged with millions of requests for talking cat videos.

So why did the upstream providers accept the information?


YouTube has a large block of IP addresses it owns — in essence, its BGP entry tells people to go to Madison Square Garden. Once your packets get there, they are then told which entrance to the Garden is least crowded.

But the Pakistani announcement said that YouTube was located at 123 Censorship Row, Suite 305, Lahore, Pakistan — which looks to be far more specific and thus more useful information than “Madison Square Garden.” And since the internet’s architecture still relies on trust, most networks — especially big ones — trust each other’s info without testing it.
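The "more specific wins" rule described above, together with an origin check of the kind the upstream providers did not perform, as an added example that is not from the original article. The prefixes and AS numbers are constructed from documentation ranges, and the check is modelled on RPKI route origin validation (RFC 6811), a mechanism the article does not name.

```python
import ipaddress

# Constructed data: documentation prefix (RFC 5737) and documentation ASNs (RFC 5398).
LEGIT_AS, MISTAKEN_AS = 64496, 64511

# Authorised origins as (prefix, max_length, origin_as); hypothetical records.
AUTHORISED = [(ipaddress.ip_network("198.51.100.0/24"), 24, LEGIT_AS)]

ANNOUNCEMENTS = [
    (ipaddress.ip_network("198.51.100.0/24"), LEGIT_AS),       # owner's covering route
    (ipaddress.ip_network("198.51.100.128/25"), MISTAKEN_AS),  # leaked more-specific route
]


def origin_state(prefix, origin_as, authorised=AUTHORISED):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    covered = False
    for auth_prefix, max_len, auth_as in authorised:
        if prefix.version == auth_prefix.version and prefix.subnet_of(auth_prefix):
            covered = True
            # Valid only if the origin matches and the prefix is not too specific.
            if origin_as == auth_as and prefix.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"


def build_table(announcements, validate):
    """Install routes; with validate=True, drop those whose origin is 'invalid'."""
    return [(p, a) for p, a in announcements
            if not validate or origin_state(p, a) != "invalid"]


def best_route(table, destination):
    """Longest-prefix match: the most specific covering route wins."""
    dest = ipaddress.ip_address(destination)
    matches = [(p, a) for p, a in table if dest in p]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


if __name__ == "__main__":
    for validate in (False, True):
        table = build_table(ANNOUNCEMENTS, validate)
        prefix, origin = best_route(table, "198.51.100.200")
        print(f"validate={validate}: {prefix} via AS{origin}")
```

Without validation the /25 from the wrong origin attracts the traffic; with validation it is dropped and the owner's /24 is used.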

This isn’t the first time such things have happened (ConEd did the same thing to Martha Stewart, among others, in 2006), and likely won’t be the last.

Will this outage prompt network operators to change their ways and adopt long-standing proposals to verify changes to the BGP system?

THREAT LEVEL is doubtful. On Christmas Eve 2004, a Turkish ISP basically announced it was the destination for every site on the internet. And yet the architecture didn’t change.

Here’s what Todd Underwood, a VP at the internet monitoring firm Renesys, had to say about the Turkish outage a year later.

Culled from: http://www.wired.com