For a couple of hours on Sunday, access to YouTube worldwide was cut, the result of the Pakistani government’s banning YouTube in the country.
Access to YouTube elsewhere was restored after two hours or so, but the question on everyone’s minds is, can this happen again?
Why the Ban?
Reports say the Pakistan Telecommunication Authority (PTA) imposed the ban for two reasons: Controversial Danish cartoons of the Prophet Muhammad were posted on YouTube, and the site carried a trailer for a forthcoming film by Dutch politician Geert Wilders portraying Islam as a fascist religion prone to inciting violence against women and homosexuals.
The cartoons caused a furor among Muslims worldwide when they were printed in a Danish newspaper in 2005 — riots led to at least 50 deaths and attacks on three Danish embassies.
Earlier this month, they were reprinted by several Danish newspapers in response to a recently uncovered plot to murder the cartoonist.
The PTA urged Pakistani Internet users to write YouTube requesting the offending materials be removed.
It has told Pakistan’s 70-odd Internet service providers that YouTube will be banned until further notice.
The PTA’s deputy director for enforcement sent a memo announcing the ban to major ISPs on Feb. 22.
The Technical Details
The PTA asked Pakistani ISPs to block access to three IP addresses that are associated with YouTube’s site.
The ISPs could have used one of several methods to block access to the IP addresses, Danny McPherson, chief research officer at network infrastructure security provider Arbor Networks, told TechNewsWorld.
They could have deployed access-control lists on all their router interfaces leading to those addresses; routed the three IP addresses to a null, the ISP equivalent of a black hole on the network; or basically have all packets that were being sent to or from those three IP addresses automatically discarded by the network.
The second option requires the ISPs to add static routes to every router in their networks. However, the effect of that is to tell the world that traffic to those three IP addresses should be sent to the ISPs instead of to YouTube.
This, in essence, is what happened, McPherson said.
“The fact that today anyone connected to the Internet could potentially go out and announce reachability for anyone else in the Internet space is a huge problem,” McPherson said.
Problems like this are not new: About 10 years ago, an enterprise was taken offline for about seven hours because of a similar rerouting, McPherson said.
A Complicated Problem
YouTube is working to prevent similar problems recurring.
“We are investigating and working with others in the Internet community to prevent this from happening again,” YouTube said.
Will that work? Probably not.
“There’s no authoritative source on the Internet for who owns what address space where you could do real-time address changes,” McPherson said.
What about the Internet Routing Registry, with which ISPs register Internet addresses? “The problem is that, when your customers get new address spaces, you may not update that,” McPherson said. “You don’t have automated updates, no one does any filtering, and it’s this huge vulnerability.”
Part of the problem is that the Border Gateway Protocol, which Internet service providers use BGP to inform each other which IP address goes where, is not robust.
BGP works by maintaining a table of IP networks or “prefixes,” which designate network reachability among autonomous systems. It makes routing decisions based on path, network policies and rule sets.
It was developed in an attempt to prevent anyone from, essentially, hijacking someone else’s IP addresses, as happened to YouTube, but BGP “has a lot of holes,” McPherson said, adding that “basically the Internet’s a bunch of loosely connected networks run by different administrators.”