Pakistan YouTube Block Breaks the World 343
Allen54 noted a followup to yesterday's story about Pakistan's decision to block YouTube. He notes that "The telecom company that carries most of Pakistan's traffic, PCCW, has found it necessary to shut Pakistan off from the Internet while they filter out the malicious routes that a Pakistani ISP, PieNet, announced earlier today. Evidently PieNet took this step to enforce a decree from the Pakistani government that ISP's must block access to YouTube because it was a source of blasphemous content. YouTube has announced more granular routes so that at least in the US they supercede the routes announced by PieNet. The rest of the world is still struggling."
Re:But how did they do it? (Score:5, Interesting)
Re:But how did they do it? (Score:5, Interesting)
I imagine that this event will introduce a lot of people to how high level internet routing works. Yes, its that vulnerable folks. Scary, but fortunately these events don't happen often. I think back in late 90s was the time when someone in Pennsylvania introduced a global route for everything to go to 0.0.0.0, which brought everything down for a day.
Re:But how did they do it? (Score:1, Interesting)
Re:CBG (Score:3, Interesting)
Re:But how did they do it? (Score:3, Interesting)
Thing is that there dosn't appear to be a candiate country to do this. You'd need one without any culture of censorship and a strong enough military (including globally targeted nuclear missiles) not to be pushed around by the countries interested in censorship.
Re:But how did they do it? (Score:3, Interesting)
If you already know whose IP address are whose, then what do you need the routing protocol for in the first place? BGP inherently depends on the honor system - that is the crux of the problem. There is no "in theory" where this is really solved (yet).
Re:A Better Technical Explanation (Score:1, Interesting)
Re:Am I the only one... (Score:3, Interesting)
And religion was just a dead herring.
Gutenberg (Score:5, Interesting)
But mullahs forbade printing for 200 years, while in Europe it exploded. Mostly it was silly: religious stuff, cartoons, sex, but it was also maps, mathematics, etc.
Internet is about the same as an invention of printing was then. And again they are making the same mistake, again due to a fear of mullahs to lose their power.
Like 500 years ago it will just slow the development of their civilization.
Re:But how did they do it? (Score:5, Interesting)
Pakistan Telcom does have an ASN number. Just for kicks, try this:
Head over to this site [routeviews.org]. It visualizes the BGP routes between different AS's. Click 'Start BGPlay'. The prefix in which YouTube lives is 208.65.153.0/24. Set the start time for about 24 Feb 2008 10:00, and the end time for about 25 Feb 2008 03:00 (times are UTC). Start the simulation.
You'll see a bunch of ASNs. Two have red circles around them. You can get their name by clicking on the number. On the left is YouTube, and on the right is Pakistan Telcom. Click play and watch what happens.
For those too lazy to actually watch this: All the routes destined for YouTube head towards Pakistan Telcom instead. Then, midway through, you see PCCW get wise and shut down those routes, and everyone slowly starts finding the actual YouTube. It's pretty neat to watch.
Re:Cue "Islam is evil post" (Score:3, Interesting)
My own personal suspicion is that one very easily can help a butterfly emerge from its crystalis; if one doesn't damage the wings in the process, the butterfly would probably benefit greatly from not having to struggle free. It's not as though they face great epistemological issues in their daily lives.
Re:Common law (Score:3, Interesting)
Maybe it should. And maybe people should study history more and realize that the rights of the people should not be taken away (by a Monarch or an elected Legislature) for any reason. That was one of the underlying principles of the Magna Carta and the Common Law -- the right to limit the power that the Monarch/Legislature/Government has over us and the idea that Governments derive their power from the consent of the Governed (to quote the US Declaration of Independence).
It seems that history taught us that we have the right to limit the power of the Monarch but not that we have the right (and necessity) to limit the power of the elected legislature. An elected legislature can trample on your rights as easily as a monarch can unless you take steps to prevent it.
Re:But how did they do it? (Score:5, Interesting)
Youtube had a route for 208.65.152.0/22 (208.65.152.0 - 208.65.155.255), but Pakistan's main ISP in Hong Kong announced a route for 208.65.153.0/24 (208.65.153.0 - 208.65.153.255) to keep youtube off their net. What they didn't understand though is this really needs to be kept as a local routing policy so it only affected Pakistan, but it sorta snuck out and affected the entire network.
Routing is the soft underbelly of the net.
Re:What a REAL oppressive theocracy looks like (Score:4, Interesting)
If not... are you saying that theocratic regimes may censor, but ultimately do less harm than we do?
I guess I'm confused.
Re:CBG (Score:5, Interesting)
And you must have missed the part of history class where they taught that the Battle of Britain started in June 1940, nine months prior to the passage of Lend-Lease.
Seriously though even if Lend-Lease/other assistance (destroyers for bases [wikipedia.org] comes to mind) was the sole thing that keep the Brits going, how does that diminish the bravery that they showed in continuing to fight on alone? They could have easily sought an armistice and probably would have emerged better off for doing so (the Empire would have survived instead of being bankrupted). The free world owes them a debt of gratitude for carrying on that fight even when things looked pretty bleak.
Re:But how did they do it? (Score:4, Interesting)
Every External BGP session (EBGP) SHOULD be configured with a very specific access list as to what that particular session will be allowed to announce to you.
Obviously, tracking 20K plus announcements from a provider and creating an access list for it, daily, is a bit tedious. This is why Route Registries were created and many tools that will look up an AS in a route registry and generate the appropriate ACL are already in existence and in use. The problem is a lot of networks do not keep their registries up to date unless forced to by a peer / transit provider.
A correctly configured session will allow only announcements of the specified address space at the specified length. Any major transit provider that allowed this should be looking at their advertisement policy and figuring out how to prevent it in the future. Solutions do exist and are used by the majority of large providers already.
How the hell did
Re:Common law (Score:3, Interesting)
I'm sorry, the "right" to murder? Where is the "right" to murder outlined in the Common Law, Magna Carta, US Constitution or any other historical document of note? The whole point of Government is to secure our rights against those that would take them away from us by force. I fail to see how you can make the argument that protecting my right to "life, liberty and pursuit of happiness" is taking away something from you. Your "right" to murder? Are you serious?
Well, if you want to debate our rights being taken away then let's do it. We can start by talking about habeas corpus, the right against self-incrimination, protection from unreasonable search and seizure, the erosion of the Grand Jury, the erosion of gun rights, etc, etc, etc. But it's hard to take you seriously when you shoot down my idealism with the claim that by outlawing murder the Government is taking away one of your "rights".
Perhaps. It might have sounded better if I had said "The Government has no right to take our rights away without due process of law". That probably would have been a better statement on my part and more in-line with the traditions and history that I was trying to defend.
Re:But how did they do it? (Score:3, Interesting)
Though it's usually caused by error rather than malice.
It doesn't take much to screw up call routing, usually by passing traffic to the wrong exchange which then either gets analyzed and sent on to it's correct destination via a longer-than-necessary route or ends up in a routing loop, and eventually chokes up the trunk group before the call fails.
Re:Will somebody please. . . (Score:3, Interesting)
Last time I checked, 1971 camr before 2003. So data from 1971 can't be used to answer a "since 2003" question.
That might look like a snappy rebuttal if you squint at it just right, but add in a few more facts and it doesn't look so pat. Consider:
--MarkusQ