Not if only trusted peers are allowed to advertise to that AS. It's the same mechanism proposed for blackholing on destination to dampen DOS a while back, except it is to prevent hijacking, and therefore doesn't run afoul of the AT&T patent (and now the prior art for this is in the public domain). It's also something that can be built using the existing infrastructure, and rough consensus.
-----Original Message----- From: Owen DeLong [mailto:owen@delong.com] Sent: Sunday, February 24, 2008 8:25 PM To: Tomas L. Byrnes Cc: Simon Lockhart; Michael Smith; neil.fenemor@fx.net.nz; will@harg.net; nanog@merit.edu Subject: Re: YouTube IP Hijacking
On Feb 24, 2008, at 2:14 PM, Tomas L. Byrnes wrote:
I figured as much, but it was worth a try.
Which touches on the earlier discussion of the null routing of /32s advertised by a special AS (as a means of black-holing DDOS
traffic).
It seems to me that a more immediately germane matter regarding BGP route propagation is prevention of hijacking of critical routes.
Perhaps certain ASes that are considered "high priority",
YouTube, Yahoo, MS (at least their update servers), can be
like Google, trusted to
propagate routes that are not aggregated/filtered, so as to give them control over their reachability and immunity to longer-prefix hijacking (especially problematic with things like MS update sites).
That's just inviting the injection of forged AS routes to commit abuse.
Owen
-----Original Message----- From: Simon Lockhart [mailto:simon@slimey.org] Sent: Sunday, February 24, 2008 2:07 PM To: Tomas L. Byrnes Cc: Michael Smith; neil.fenemor@fx.net.nz; will@harg.net; nanog@merit.edu Subject: Re: YouTube IP Hijacking
On Sun Feb 24, 2008 at 01:49:00PM -0800, Tomas L. Byrnes wrote:
Which means that, by advertising routes more specific
than the ones
they are poisoning, it may well be possible to restore universal connectivity to YouTube.
Well, if you can get them in there.... Youtube tried that, to restore service to the rest of the world, and the announcements didn't propogate.
Simon