Pakistan YouTube Block Breaks the World

Allen54 noted a followup to yesterday's story about Pakistan's decision to block YouTube. He notes that "The telecom company that carries most of Pakistan's traffic, PCCW, has found it necessary to shut Pakistan off from the Internet while they filter out the malicious routes that a Pakistani ISP, PieNet, announced earlier today. Evidently PieNet took this step to enforce a decree from the Pakistani government that ISP's must block access to YouTube because it was a source of blasphemous content. YouTube has announced more granular routes so that at least in the US they supercede the routes announced by PieNet. The rest of the world is still struggling."

Re:But how did they do it?

[rustalot42684]

A zealous ISP ignorantly decides the best way to comply with the decree is to re-route all of YouTube's IP addresses to whatever site they thought was more appropriate. The first repercussion was that YouTube disappeared from the Internet for almost an hour. I suspect the second repercussion was that Pakistan's Internet access crawled to a halt as all of a sudden they were handling IP requests for one of the busiest sites in the world.

So I suspect that they do have an AS number that allows them to upload global routes. I agree they should lose it though; censoring your own country is bad enough, but screwing up the rest of the world is absolutely unacceptable. I need my dancing cats!

Re:But how did they do it?

[suso]

Yeah that is very stupid. Why would you allow one of your customers to modify global routes when they don't have an AS number themselves?

I imagine that this event will introduce a lot of people to how high level internet routing works. Yes, its that vulnerable folks. Scary, but fortunately these events don't happen often. I think back in late 90s was the time when someone in Pennsylvania introduced a global route for everything to go to 0.0.0.0, which brought everything down for a day.

Re:But how did they do it?

[Anonymous Coward]

That's obviously not going to work, because internationally "your side" is good and the other side is bad, no matter whose side you're on. The only reasonable solution is to add cryptographic authentication to route announcements. The address registries would have to list a public key with all IP address assignments and routes to those addresses would only be accepted with the correct signature.

Re:CBG

[TheRaven64]

Although, despite living in the People's Republic of (formerly Great) Britain, my internet seems to be working. I can even access YouTube

Did you try yesterday? YouTube was offline yesterday from the UK when I tried from two unrelated ISPs.

Re:But how did they do it?

[mpe]

Not to mention that they should keep ALL manner of global routing out of countries that censor the internet...

Thing is that there dosn't appear to be a candiate country to do this. You'd need one without any culture of censorship and a strong enough military (including globally targeted nuclear missiles) not to be pushed around by the countries interested in censorship.

Re:But how did they do it?

[seanadams.com]

In theory, A shouldn't accept any routes from C for IP addresses not owned by C.

If you already know whose IP address are whose, then what do you need the routing protocol for in the first place? BGP inherently depends on the honor system - that is the crux of the problem. There is no "in theory" where this is really solved (yet).

Re:A Better Technical Explanation

[qmaqdk]

The erroneous IP assignments spread across the net within 1 minute, 45 seconds of its announcement by Pakistan Telecom, according to a timeline by Renesys.

A minute and 45 seconds to spread across the world. Really makes you think. With approx. 20000 km from one point on the planet to it's opposite that's around 190 km/sec.

Re:Am I the only one...

[Goffee71]

Apparently the story behind the story is that Youtube videos were showing evidence of vote rigging in the PAK elections. So this is the perfect Slashdot story, voting fraud and internet denial, surely it deserves some sort of gold star.

And religion was just a dead herring.

Gutenberg

[Max_W]

Once the Islam world already did the same error. In 15th century when Gutenberg invented the printing press the Islam countries were a way ahead in science.

But mullahs forbade printing for 200 years, while in Europe it exploded. Mostly it was silly: religious stuff, cartoons, sex, but it was also maps, mathematics, etc.

Internet is about the same as an invention of printing was then. And again they are making the same mistake, again due to a fear of mullahs to lose their power.

Like 500 years ago it will just slow the development of their civilization.

Re:But how did they do it?

[bluesky74656]

Pakistan Telcom does have an ASN number. Just for kicks, try this:

Head over to this site [routeviews.org]. It visualizes the BGP routes between different AS's. Click 'Start BGPlay'. The prefix in which YouTube lives is 208.65.153.0/24. Set the start time for about 24 Feb 2008 10:00, and the end time for about 25 Feb 2008 03:00 (times are UTC). Start the simulation.

You'll see a bunch of ASNs. Two have red circles around them. You can get their name by clicking on the number. On the left is YouTube, and on the right is Pakistan Telcom. Click play and watch what happens.

For those too lazy to actually watch this: All the routes destined for YouTube head towards Pakistan Telcom instead. Then, midway through, you see PCCW get wise and shut down those routes, and everyone slowly starts finding the actual YouTube. It's pretty neat to watch.

Re:Cue "Islam is evil post"

[gardyloo]

just like a butterfly emerging from the cocoon; if you see it struggle and decide to help it out, it won't have the ability to survive on its own later.

You know, I'd never heard this analogy before, so I looked it up online. Every reference to it that I can *easily* find has some sort of religious message behind it.
      My own personal suspicion is that one very easily can help a butterfly emerge from its crystalis; if one doesn't damage the wings in the process, the butterfly would probably benefit greatly from not having to struggle free. It's not as though they face great epistemological issues in their daily lives.

Re:Common law

[Shakrai]

Strange thing is, common law no longer applies in Britain.

Maybe it should. And maybe people should study history more and realize that the rights of the people should not be taken away (by a Monarch or an elected Legislature) for any reason. That was one of the underlying principles of the Magna Carta and the Common Law -- the right to limit the power that the Monarch/Legislature/Government has over us and the idea that Governments derive their power from the consent of the Governed (to quote the US Declaration of Independence).

It seems that history taught us that we have the right to limit the power of the Monarch but not that we have the right (and necessity) to limit the power of the elected legislature. An elected legislature can trample on your rights as easily as a monarch can unless you take steps to prevent it.

Re:But how did they do it?

[rs79]

"The route was announced by AS17557"

Youtube had a route for 208.65.152.0/22 (208.65.152.0 - 208.65.155.255), but Pakistan's main ISP in Hong Kong announced a route for 208.65.153.0/24 (208.65.153.0 - 208.65.153.255) to keep youtube off their net. What they didn't understand though is this really needs to be kept as a local routing policy so it only affected Pakistan, but it sorta snuck out and affected the entire network.

Routing is the soft underbelly of the net.

Re:What a REAL oppressive theocracy looks like

[rhakka]

Has Pakistan wrongfully invaded another country recently when I wasn't looking?

If not... are you saying that theocratic regimes may censor, but ultimately do less harm than we do?

I guess I'm confused.

Re:CBG

[Shakrai]

You must have missed the part of history class where they taught about the Lend-Lease Act. The US was very much involved in the war starting in March of 1941, we might not have had boots on the ground but without our help the UK wouldn't have stood much of a chance.

And you must have missed the part of history class where they taught that the Battle of Britain started in June 1940, nine months prior to the passage of Lend-Lease.

Seriously though even if Lend-Lease/other assistance (destroyers for bases [wikipedia.org] comes to mind) was the sole thing that keep the Brits going, how does that diminish the bravery that they showed in continuing to fight on alone? They could have easily sought an armistice and probably would have emerged better off for doing so (the Empire would have survived instead of being bankrupted). The free world owes them a debt of gratitude for carrying on that fight even when things looked pretty bleak.

Re:But how did they do it?

[Fatal67]

BGP does not rely on the honor system. Every provider has the ability to lock down announcements to the finest of detail. They may choose not to, but that's just piss poor network management.

Every External BGP session (EBGP) SHOULD be configured with a very specific access list as to what that particular session will be allowed to announce to you.

Obviously, tracking 20K plus announcements from a provider and creating an access list for it, daily, is a bit tedious. This is why Route Registries were created and many tools that will look up an AS in a route registry and generate the appropriate ACL are already in existence and in use. The problem is a lot of networks do not keep their registries up to date unless forced to by a peer / transit provider.

A correctly configured session will allow only announcements of the specified address space at the specified length. Any major transit provider that allowed this should be looking at their advertisement policy and figuring out how to prevent it in the future. Solutions do exist and are used by the majority of large providers already.

How the hell did /25's get propagated anyway? There are still transit networks that allow prefixes that small to be accepted externally?

Re:Common law

[Shakrai]

Yes, and when the government outlaws murder, they are taking away that right

I'm sorry, the "right" to murder? Where is the "right" to murder outlined in the Common Law, Magna Carta, US Constitution or any other historical document of note? The whole point of Government is to secure our rights against those that would take them away from us by force. I fail to see how you can make the argument that protecting my right to "life, liberty and pursuit of happiness" is taking away something from you. Your "right" to murder? Are you serious?

but it is still taking away rights regardless of those facts and regardless of whatever Jefferson has to say on the matter

Well, if you want to debate our rights being taken away then let's do it. We can start by talking about habeas corpus, the right against self-incrimination, protection from unreasonable search and seizure, the erosion of the Grand Jury, the erosion of gun rights, etc, etc, etc. But it's hard to take you seriously when you shoot down my idealism with the claim that by outlawing murder the Government is taking away one of your "rights".

While "the government should never take our rights away!" might be a nice-sounding slogan, what it actually means is a hell of a lot different to what (I assume) you intended to express.

Perhaps. It might have sounded better if I had said "The Government has no right to take our rights away without due process of law". That probably would have been a better statement on my part and more in-line with the traditions and history that I was trying to defend.

Re:But how did they do it?

[kent_eh]

the POTS network has a routing protocol used to setup calls/announce which switch is responsible for which number/range. One would suspect that SS7 can be abused by "bad" telcos as easily as BGP can be abused by "bad" ISPs.

It can and does happen.

Though it's usually caused by error rather than malice.

It doesn't take much to screw up call routing, usually by passing traffic to the wrong exchange which then either gets analyzed and sent on to it's correct destination via a longer-than-necessary route or ends up in a routing loop, and eventually chokes up the trunk group before the call fails.

Re:Will somebody please. . .

[MarkusQ]

How many documented civilian deaths since 2003 is Pakistan responsible for

Try 3 million in 1971,...

Last time I checked, 1971 camr before 2003. So data from 1971 can't be used to answer a "since 2003" question.

...and 500-3000 women a year, and numerous religious minorities. There is a difference between people killed in the exigencies of war (as in US involvement in Iraq), a transient phenomenon, and the pervasive intolerance and violence all across Pakistan, which lasts for decades.

That might look like a snappy rebuttal if you squint at it just right, but add in a few more facts and it doesn't look so pat. Consider:

• 3000 people a year may sound like a lot, until you compare it to the various estimates of civilian casualties inflicted by the US invasion of Iraq:
  • 15000/year (Bush)
  • 60000/year (US Military)
  • 120000/year (Lancet study)
• Also consider that, during this time Pakistan has been a US ally--we didn't invade them even though similar claims were floated as a justification of our invasion of Iraq
• Saying that the US occupation of Iraq is a "transient phenomenon" in contrast to things that "last for decades" is kind of silly when you consider that the US officials in charge of the occupation are pretty much unanimous in expecting it to last decades.

--MarkusQ