On mySimon: Meguiar's Gold Class Premium Car Wax
BNET Business Network:
BNET
TechRepublic
ZDNet

February 25th, 2008

YouTube shut down reveals some serious net security weaknesses

Posted by Richard Koman @ February 25, 2008 @ 7:08 AM

Categories: International, Network security

Tags: Security, YouTube Inc., Pakistan, Internet Service Providers (ISPs), Internet, BGP, Networking, Richard Koman

It isn’t often that the world of political repression interferes with our ability to watch home videos of cat tricks, but in a bizarre turn of events that’s what happened over the weekend.

Google-owned YouTube is a favorite target not only of copyright holders, who complain the site facilitates illegal sharing, but also of third-world dictators, who don’t like just how easily the site allows for dissidents to communicate with the rest of the world.

Thus, it wasn’t too surprising when Pakistani authorities ordered access to YouTube shut down. Iran and the UAE have permanent bans on YouTube, Morocco and Thailand have had on-again-off-again bans, Brazil temporarily banned the site due to a court action by supermodel Daniela Cicarelli (something about sex on the beach), and even the Pentagon blocks it in Iraq (for “network efficiency”).

But things really spun out of control when the Pakistan Telecommunication Authority ordered ISPs to block YouTube on Friday. Due to some unfortunate choices made by one of Pakistan’s ISPs, YouTube was blocked by the entire Internet, rather than just Pakistan. Attempting to block access to YouTube within Pakistan, the ISP managed to reroute all YouTube traffic to a black hole.

For a technical view, see Danny McPherson’s post on Arbor Networks. The larger point is that the blackout has exposed some serious issues here:

So, what’s the root problem here? Let’s see, where to start:

    no authoritative source for who owns and/or is permitted to provide transit services for what IP address spaces on the Internet

  • little or no explicit BGP customer prefix filters on the Internet
  • little or no inter-provider prefix filtering on the Internet

  • no route authentication and authorization update mechanism (eg., SBGP, soBGP, etc..) in today’s global routing system

I fully suspect that the announcements from Pakistan Telecom for YouTube address space were the result of a misconfiguration or routing policy oversight, and seriously doubt impact to YouTube reachability [beyond Pakistan’s Internet borders] was intentional.

  • Talkback
  • Most Recent of 4 Talkback(s)
RE: YouTube shut down reveals some serious net security weaknesses
If a little "Underdeveloped" Country like Pakistan can block off the whole world, what does that say about our internet Security and far more important, Internet Solidity and Viability.
Think about... (Read the rest)
Posted by: Aaron A Baker Posted on: 02/26/08 You are currently: a Guest | | Terms of Use
BGP was implemented...  bjbrock | 02/25/08
Message has been deleted.  da_darkman@... | 02/25/08
The only reason this ever happened...  smarmybastard | 02/25/08
RE: YouTube shut down reveals some serious net security weaknesses  Aaron A Baker | 02/26/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here