BGP DoS

Internet On 25th February, YouTube was unreachable on the Internet for more than one hour.

The problem came from Pakinstan! Pakistan authorities decided to filter an “offending” video. There are two major Internet providers overthere. The good one decided to redirect YouTube traffic to a proxy and ban the video. The bad one has no other solution that blocking the whole YouTube site. How? By redirecting the YouTube IP addresses to a black hole. This method is also called “null-routing”. It’s very easy to implement:

cisco(config)# ip route <bad_network> <bad_netmask> null0

What happened then?

The whole internet is based on a protocol called “Border Gateway Protocol” (version 4) in short BGP4. To keep things simple, all major Internet providers exchange in real time routes between them (it’s called propagation). “If you need to reach ISP X, then pass by me”.

In the case above, the null-route added by the Pakistan provider had a very bad side effect: The route propagation started via it’s upstream provider which started propagation to others etc etc. Of course, this is only possible if filters are not or badly configured.

Except the unavailability of YouTube, the second consequence was another black hole: the Pakistan provider itself! To solve this issue, its upstream provider has no other alternative: it stopped announcing its routes. Results: completely disconnected from the Internet!

[Edited @ 19:14 28/02/2008]

The RIPE NCC published a case study about this issue. Link here.

Leave a Reply

Your email address will not be published. Required fields are marked *