There are few people who work with the Internet who understand how truly vulnerable and weak the core infrastructure really is. Nothing demonstrates this basic weakness better than the troubles experienced by YouTube over the past weekend when Pakistan, under orders from its government, put new BGP (Border Gateway Protocol) entries in one of their routers to block YouTube. The result was not just a block for Pakistan, but for vast chunks of the whole Internet.
From Brian Krebs at the WaPo here:
Pakistan ordered all in-country Internet service providers (ISPs) to block access to YouTube.com, complaining that the site contained controversial sketches of the Prophet Mohammed which were republished by Danish newspapers earlier this month. The people running the country’s ISPs obliged, but evidently someone at Pakistan Telecom – the primary upstream provider for most of the ISPs in Pakistan – forgot to flip the switch that prevented those blocking instructions from propagating out to the rest of the Internet.
The result is that the Pakistani backbone Autonomous System (AS) announced to all of its peers via BGP that it was now authoritative for the DNS IP range of YouTube.com. And this announcement was sent up the chain to its peers, and its peers’ peers, resulting in requests for YouTube.Com to be routed through Pakistan, which of course was not really routing for the site. After a while, the peers noticed the route poisoning and filtered out any BGP announcements coming from Pakistan, and restored the connection to YouTube.
Was this the equivalent of Islamic Jihad against the internet in response to the Danish cartoons? Some on NANOG certainly suspect this was a political move at least by a nascent government. Others suspect it was more of a simple misconfiguration. Danny McPherson at Arbor Networks provides an excellent analysis on how this happened and thinks it was an accident. He writes:
I fully suspect that the announcements from Pakistan Telecom for YouTube address space were the result of a misconfiguration or routing policy oversight, and seriously doubt impact to YouTube reachability [beyond Pakistan’s Internet borders] was intentional. The route announcements from Pakistan Telecom have long since been withdrawn (or filtered).
But this clearly demonstrates that you don’t need a huge botnet to take a corporation off the Internet. All it takes is fat fingers by an AS operator to sink your online presence, and no amount of content distribution or built-in redundancy can save you. But I know this garnered the attention of World Government organizations such as the US Department of Homeland Security, and they will be having a chat with the operator of the AS this morning.