The weak spot of the internet
Posted 27 February 2008 at 8:33AM by Ian Betteridge in Doing business online
For two hours on Sunday, YouTube - one of the most popular sites on the internet - was effectively wiped off the web. However, the problem wasn't the fault of YouTube's owner Google.
Instead, it appears that action taken by the Pakistani government had prevented the site from being seen not only by its own citizens, but also the rest of the world. The issue appears to be a simple mistake by a technician, which unfortunately meant that the routing information for YourTube - which effectively tells each computer how to send information to and from a site - became corrupted. Instead of blacking out YouTube for just one country, this meant the site went dark for the whole world.
The black out illustrates one of the weak spots of the internet. Although it is designed to be highly resilient, the internet also depends to a large degree on trust and co-operation. Although it would be difficult for anyone - even a government - to permanently cripple the network without a major effort, temporary black outs due to accidents or negligence are always possible.
This is something that's always worth bearing in mind when you rely on your web site for a large proportion of your business. While no one can stop a major disaster wreaking havoc, make sure your web host has service level agreements which at least guarantee that, if something happens, they will fix it as quickly as possible. It might not stop the kind of mistake which hit YouTube, but at least it will protect you from lesser errors.
Tags: bt, bt broadbandoffice, google, Pakistani government, youtube
New feature: Rate this post!
Average rating: 3.2/5
Comments
2. At February 27, 2008 10:51 AM, John Smith wrote:
Three day's old news! A good place I have found to keep up to date with news, as it happens is:
http://news.bbc.co.uk/technology/
Maybe a look in there would be helpfull!
3. At February 27, 2008 11:08 AM, anjanesh wrote:
OpenDns have also suggested it might have been a delibrate attempt by the pakistani government to cut off you tube by hijacking the ip address range of you tube. Now the very fact that this happened (and is possible) is scary but eventually the corect routing tables self propagated across the internet and the site was alive again. This proved the self healing nature of the world wide web.
However ;such incidents put into question the net neutrality concept; I mean what prevents next the tin pot dictator to come along and hijack another IP range on religious grounds ?
after all all websites are ip addres mapped on root dns servers and this incident could be a phishing attack in size xxl .
4. At February 28, 2008 9:40 AM, Bob HXC Holly wrote:
anjanesh, i think you are mistaken, perhaps read the site posted above you.
it was restored when YouTube contacted Pakistani ISP's and got them to undo the changes. I see nothing about self healing there!!!!
if your so worried about the next "dictator" maybe you should sell your computer and retire into a little cottage in the middle of nowhere.
5. At February 29, 2008 9:29 AM, Hulk 'The Real American' Hogan wrote:
In reference to Bob HXC Holly, was that not a bit harsh comment to make? As for anjanesh, I agree with your comments completly. You are a true hulkster indeed!
- Hulk Hogan
6. At February 29, 2008 1:34 PM, anjanesh wrote:
Ho Bob HXC Holly,
Thanks for your advice. In my humble opinion it was the self healing nature that ultimately resolved the matter.Since the internet backbone across the world operates on a mutally shared routing algorithms that are updated dynamically , it would have limited effect since the other routing tables would eventually pick up the error and distribute the correct paths.
The above link you kindly pointed out in the post above me (which in its form does'nt work anyway )is just one source among the hundreds available on the internet which i have taken the liberty to reference.while i am voicing my concerns that such an attack is indeed possible i really do have to thank you for your suggestionns on my retirement plans.
Being highly experienced and having an in depth analysis of IP address hijacking maybe you could reassure us that this is not possible at all so that i can cancel the lease papers on my cottage in the land of Far Far Away :-)
Showing a bit more professional courtesy in a busines blogging environment without vending your personal frustration would be good way to state your point Bob.
Thanks for the vote Hogan
7. At March 2, 2008 2:59 PM, Bob HXC Holly wrote:
please inform the rest of us what source shows this was self healed rather than done by a computer user modifying changes that they had previously made and ill rebuke my comments.
when you cant, you can just admit you made a mistake.
if the internet was so good at self healing, why would they employ anyone to maintain it!!
8. At March 3, 2008 8:59 AM, Hulk 'The Real American' Hogan wrote:
Bob HXC Holly, why can you admit that you where wrong? Leave the true hulkamaniac anjanesh alone!
9. At March 3, 2008 2:02 PM, vincent mcmahon wrote:
why is it that anjanesh always has to start an argument?
im afraid im going to have to disagree with bulk hogan and anjanesh. if something is incorrectly configured it wont just "self heal" it requires correct configuration THEN the propagation will fix the issue.
result
10. At March 3, 2008 2:34 PM, anjanesh wrote:
Hi Bob ,
All that happened was that Pak Telcom 'announced' electronically that it was in ownership of the IP address range rightfully held by you tube. Such annoucements are routinely held on the internet since IP addresses often change ownerships and are accepted more or less automatically.
http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtmlTime line of events
where 'AS = autonomous systems 'is a collection of IP networks and routers under the control of one entity (or sometimes more) that presents a common routing policy to the Internet'
18:47:00 busines as usual
18:47:45 first evidence of hijacked route propagating in Asia, AS path 3491 17557
18:48:00 several big trans-Pacific providers carrying hijacked route (9 ASNs)
18:48:30 several DFZ providers now carrying the bad route (and 47 ASNs)
18:49:00 most of the DFZ now carrying the bad route (and 93 ASNs)
18:49:30 all providers who will carry the hijacked route have it (total 97 ASNs)
20:07:25 YouTube, AS 36561 advertises the /24 that has been hijacked to its providers
20:07:30 several DFZ providers stop carrying the erroneous route
20:08:00 many downstream providers also drop the bad route
20:08:30 and a total of 40 some-odd providers have stopped using the hijacked route
20:18:43 and now, two more specific /25 routes are first seen from 36561
20:19:37 25 more providers prefer the /25 routes from 36561
20:28:12 peers of 36561 start seeing the routes that were advertised to transit at 20:07
20:50:59 evidence of attempted prepending, AS path was 3491 17557 17557
20:59:39 hijacked prefix is withdrawn by 3491, who disconnect 17557
21:00:00 You tube is back online
``````````
AS 17557 = pakistan telecom
AS 3491 = upstream ISP in Hong Kong PCCW```````
as you may see from the events above the ; the domino effect where IP address and routing tables are propagated worked both ways ie - first disconnecting you tube then reconnecting it.You tube has now added a third DNS server to prevent such future attacks. from the events above ; the upstream HK isp from pak telecom passed the wrong data ahead and started the chain reaction
`````````internet is designed to withstand large scale attacks (orginal military design of ARPANET which was the foundation for www) . Large swathes of the net can be disabled and traffic re routed automatically without human intervention.
People would be needed to monitor the internet but given the scale of the internet number of people need to monitor is astonishingly small. History has proved that large scale attacks - intentional or otherwise (DoS attacks against the primary root servers etc) have been self healing and with little or no human interaction.
You tube's IP was hijacked by annoucing a more specific prefix in one post - this could only have been done by you tube's engineers or someone specifically at ISP level . It is likely by design and not accidental. Someone would have to be really really stupid in an ISP to do this 'accidentally'.
``````````````
And this is not the first time this has happened.
``````````well Bob , the long and short of it is that in the internet age there is no correct answer for any question - you can believe what you want to .
Hope this helps
anjanesh
```````````````````````````````````for further info try
googling for 'how routing tables work on the internet '
you will get 2 million + results.info on this incident
http://digg.com/security/YouTube_hijacked_by_Pakistan_caused_global_outagehttp://www.datacenterknowledge.com/archives/2008/Feb/24/youtube_offline_pakistan_telecom_blamed.html
http://afp.google.com/article/ALeqM5io-SE_bmENEzM46rwdVuDt9iK5zg
http://www.dslreports.com/shownews/Pakistan-Hijacks-YouTube-IP-Addresses-92137
11. At March 3, 2008 7:07 PM, weatherlobe wrote:
could not care one little bit
What actually is a youtube?
Never really heard of it.
Is it really that vital?
12. At March 7, 2008 12:31 AM, Bob HXC Holly wrote:
well done Anjanesh, your copy and paste functions seem to be working...but then i guess if they break they will self heal as well!!!
and as for
Someone would have to be really really stupid in an ISP to do this 'accidentally'.
what you mean is, it COULD happen. didnt realise you was working with the guys at the ISP however, so kudos to you!
and if this was such a self healing issue, why did they create a third DNS?
http://www.renesys.com/blog/2005/12/internetwide_nearcatastrophela.shtml
if the internet self heals in the manner you discuss, surely the boy who does this blog should be out of a job?
13. At March 7, 2008 12:44 PM, anjanesh wrote:
Hi Bob,
If you cannot grasp the concept still..then you may believe what you want to.
cheers !
Post a comment
As 14 days have passed, comments are now closed for this entry.
1. At February 27, 2008 10:47 AM, Lucian wrote: