IT Business

YouTube failure highlights global internet security risk

False data from single ISP spreads across internet

By Robert McMillan, IDG News Service | Published 08:59, 26 February 08

Disruption to Google's YouTube video service at the weekend has highlighted a flaw in the internet's design that could some day lead to a serious security problem, according to networking experts.

The issue lies in the way Internet Service Providers (ISPs) share Border Gateway Protocol (BGP) routing information. BGP is the standard protocol used by routers to find computers on the Internet, but there is a lot of BGP routing data available. To simplify things, ISPs share this kind of information among each other.

Also in this channel

Routing error by rival ISP leaves 3 million Telstra customers offlineIt is suspected a BGP routing mistake by rival ISP Dodo jammed up Telstra's network >>
Europe's Internet registry introduces routing certificationNetwork operators can request a electronic document that proves their routing is accurate >>
OpenDNS report: The most-blocked and most-whitelisted sites of 2010OpenDNS shares details of the websites most blacklisted using its services >>
Sir, no sir! The army crackdown on MySpace and YouTubeCensorship or bandwidth constraints? US military clampdown on YouTube >>

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

And that can cause problems when one ISP shares bad data with the rest of the internet.

That's what happened with YouTube this weekend, according to sources familiar with the situation. BGP data intended to block access to YouTube within Pakistan was accidentally broadcast to other service providers, causing a widespread YouTube outage.

The chain of events that led to YouTube's partial black-out was kicked off Friday when the Pakistan Telecommunication Authority (PTA) ordered the country's ISPs to block access to YouTube because of an alleged anti-Islamic video that was hosted on the site.

ISPs in Pakistan were able to block YouTube by creating BGP data that redirected routers looking for YouTube.com's servers to nonexistent network destinations. But that data was accidentally shared with Hong Kong's PCCW, who in turn shared it with other ISPs throughout the internet.

Because Pakistan's BGP traffic was offering very precise routes to what it claimed were YouTube's Internet servers, routers took it to be more accurate than YouTube's own information about itself.

Larger service providers typically validate BGP data from their customers to make sure that the routing information is accurate, but in this case, PCCW apparently did not do that. When the Pakistani ISP sent the bad data, PCCW ended up sharing it with other ISPs around the globe.

1 2 continued on page 2 »

Slideshows: Google London Campus - Inside the incubator for tech startups

Also in slideshows :

Access Computerworld on your mobile

Get the latest news & updates from Computerworld UK on the move. Find out more

Windows 8

Check out our latest articles on Microsoft's next-generation operating system.

Accelerate Your IT Efficiency

View the latest capacity management resources including whitepapers, videos and news.

Latest Slideshows

Click here to view all our slideshows.

Government launches GrowthAccelerator for entrepreneurs

New £200 million scheme to help grow UK start-ups

Nasdaq's Facebook glitch came from race conditions

Nasdaq may pay out as much as $13 million due to a hard-to-find software bug

UK Facebook hacker jailed for 8 months

IBM Watson mastermind says future computers will be constant learners

Mobile network 3 calls on government to lower Europe data roaming charges

Blogs

IT - Helping the business deliver marketing through efficient customer analytics, at scale

How can the CIO deliver analytics to help marketing drive sales?read more »

Ian Watmore's departure - a personal view

Ian Watmore, who leaves the civil service next month, has his critics, David Moss among them. For me Watmore's time in the civil service has been marked by openness, honesty and a lack of ego. Many times he has been before Parliamentary...read more »

Governing business demand

Data management is essential in extracting maximum business valueread more »

Visualise value and then industrialise it

I was speaking to a COO the other day about the drive to deliver BI projects in short timescales. "That’s fine," he said. "But I’ve never known IT to deliver a project in six weeks."This underlined to me one of...read more »

more blogs ..

Cumbrians lose broadband after public subsidy cut

Infrastructure >>

Burberry points to benefits of tech in strong annual results

Applications >>

Cheap tablets sees Lenovo shipments grow in China

IT Business >>

EU data protection regulation and cookie law - Are you ready?

Security >>

De Vere hotels consolidate online brands through private cloud

Cloud Computing >>

Windows 8 touchscreen devices to be priced higher, Dell says

Operating Systems >>

Slideshows
White Papers
Videos
Newsletters

Login

Please login to ComputerworldUK.com

Forgot password?

Not a member yet?

Register for a Computerworld UK Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.
Register

HP Business Answers

Join the discussion today

The HP Business Answers group is a vibrant community of small and medium sized business owners and employees. HP provides independent and expert advice in fields such as design, branding, taxation, technology, marketing or manufacturing so join today to network with over 6500 like-minded professionals.