Threat Chaos

Richard Stiennon

Pakistan removed from the Internet

By Richard Stiennon | February 24, 2008, 1:40pm PST

Summary

4:30 PM Eastern (US).
The telecom company that carries most of Pakistan’s traffic, PCCW, has found it necessary to shut Pakistan off from the Internet while they filter out the malicious routes that a Pakistani ISP, PieNet, announced earlier today. Evidently PieNet took this step to enforce a decree from the Pakistani government that ISP’s [...]

Topics

Blogger Info

Richard

Biography

Richard

Richard
A former ZDNet blogger, Richard Stiennon is an industry consultant. Most recently he was Chief Marketing Officer for Fortinet, Inc., the largest privately held security vendor. prior to that he was Chief Research Analyst at IT-Harvest. And before creating IT-Harvest, he was VP of threat research for Webroot Software, Inc. the leading commercial anti-spyware solution.

Previously, Richard was VP Research at Gartner, Inc. where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting and managed security services for the Security and Privacy group. He is a holder of Gartner's Thought Leadership award for 2003 and was named "One of the 50 most powerful people in Networking" by NetworkWorld magazine. His speaking engagements have included conferences and meetings throughout North and South America, Hawaii, Tokyo, Tel Aviv, Istanbul, Milan, Munich, Hannover, Madrid, London, and Cannes.

4:30 PM Eastern (US).

The telecom company that carries most of Pakistan’s traffic, PCCW, has found it necessary to shut Pakistan off from the Internet while they filter out the malicious routes that a Pakistani ISP, PieNet, announced earlier today. Evidently PieNet took this step to enforce a decree from the Pakistani government that ISP’s must block access to YouTube because it was a source of blasphemous content.

I cannot let the irony pass with out commenting. A religious state, Pakistan, identifies a content provider, YouTube, as the source of blasphemous, seditious content and orders, King Canute style, that the Internet tides be stopped. A zealous ISP ignorantly decides the best way to comply with the decree is to re-route all of YouTube’s IP addresses to whatever site they thought was more appropriate. The first repercussion was that YouTube disappeared from the Internet for almost an hour. I suspect the second repercussion was that Pakistan’s Internet access crawled to a halt as all of a sudden they were handling IP requests for one of the busiest sites in the world. As of this writing YouTube has announced more granular routes so that at least in the US they supercede the routes announced by PieNet. The rest of the world is still struggling. So, while working on a fix that will filter out the spurious route announcements, PCCW has found it necessary to shut down Pakistan’s Internet access. The leadership of Pakistan just created a massive Denial of Service on their own country.

I could say: “be careful what you wish for” to those elements that object to free and open access to information and expression of ideas. But to put it in terms they might understand better: Do not anger the Internet gods or you will suffer their wrath!

Update: This blog points out that the “blasphemous content” claim may be a red herring. There may be more political motivations behind it.

Update:  Stiennon’s blog has moved to here

Disclosure

Richard

http://blogs.zdnet.com/threatchaos/?page_id=455

Biography

Richard

A former ZDNet blogger, Richard Stiennon is an industry consultant. Most recently he was Chief Marketing Officer for Fortinet, Inc., the largest privately held security vendor. prior to that he was Chief Research Analyst at IT-Harvest. And before creating IT-Harvest, he was VP of threat research for Webroot Software, Inc. the leading commercial anti-spyware solution.

Previously, Richard was VP Research at Gartner, Inc. where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting and managed security services for the Security and Privacy group. He is a holder of Gartner's Thought Leadership award for 2003 and was named "One of the 50 most powerful people in Networking" by NetworkWorld magazine. His speaking engagements have included conferences and meetings throughout North and South America, Hawaii, Tokyo, Tel Aviv, Istanbul, Milan, Munich, Hannover, Madrid, London, and Cannes.

Talkback Most Recent of 85 Talkback(s)

  • I've had Newbie router admins take out my private routes before
    I've had Newbie router admins take out my private routes before on a corporate WAN, but I've not seen an entire country take out an entire website like this. Their actions not only blocked themselves from accessing YouTube, but the entire world.

    An action like this needs to be severely punished and it should never be tolerated by the world. I think the appropriate action is to block ALL backbones to Pakistan until the Government pays a fine, apologize for poisoning the BGP tables, and promise never to do it again. If you want to be a part of the Internet, you need to behave.
    ZDNet Gravatar
    georgeou
    02/24/2008 01:41 PM
  • The bigger question
    is how the hell can one faulty ISP in a backwater country change the DNS tables of one of the biggest web sites for the entire internet so easily in the first place? Imagine the damage that could have been done had they been TRYING to do damage. And now that the idea is out there...
    ZDNet Gravatar
    Michael Kelly
    02/24/2008 04:01 PM
  • Anyone who uses BGP can theoretically poison routes for the Internet
    Anyone who uses BGP on multiple Internet connections can theoretically poison routes for the Internet. Every Internet router carries BGP tables for the whole Internet. I've run networks with edge routers that run BGP. However, ISPs can filter bad routes from clients, but this was an ISP that flooded the Internet with bad BGP routes so it's rather unusual.

    ISPs are typically professionally run but this one apparently thought it was a good idea to poison the Internet. There will be serious consequences for this. This ISP can no longer be trusted without very granular filters in place.
    ZDNet Gravatar
    georgeou
    02/24/2008 04:35 PM
  • It's so easy
    ANYONE with access to a BGP router can seriously harm the Internet. This incident is a great lesson.

    -Stiennon
    ZDNet Gravatar
    RStiennon
    02/24/2008 09:30 PM
  • I had access to BGP in my last job
    I had access to BGP in my last job because we did Data center hosting. But you don't even need to be that big, anyone with redundant Internet links (think T1s and above) use BGP. Usually, the ISPs will filter the BGP advertisements from those clients to narrow down what they can advertise. But in this case, the ISP itself was the culprit and that just doesn't happen very often, especially not like this.
    ZDNet Gravatar
    georgeou
    02/24/2008 10:20 PM
  • Agree with sentiment
    Especially when you count the cost in frustration by what must be millions who could not access YouTube for an hour today.

    But the Internet can take care of itself this time around anyway. PCCW the major carrier for PK connectivity shut down Pakistan to update their routers with filters to take out the Pakistani hijacked routes.

    -Stiennon
    ZDNet Gravatar
    RStiennon
    02/24/2008 09:24 PM
  • SPAM
    I think this would be a great way to take care of SPAM - If the ISPs won't shutdown reported offenders, then cut the ISP out of the internet until they comply.
    ZDNet Gravatar
    DigitalFrog
    02/26/2008 09:10 AM
  • Silence Is Defeat
    [url=http://silenceisdefeat.org/]A cheap Shell Account[/url] can come in handy to tunnel a ssh connection to the web in a pinch.

    Such shell accounts allow you to set up your browser to SOCKS5 proxy via ssh to your shell account's ip address. This tunnels all http and https AND DNS activity so urls aren't blocked!

    Plenty of 'how-tos' on it--just google on ssh and socks5.

    Just thought of it.
    ZDNet Gravatar
    D T Schmitz
    02/24/2008 03:02 PM
  • Nothing to do with website blocking
    Nothing to do with website blocking. This is the whole Internet being diverted to a different IP address because of poisoned BGP routes. From now on, Packistan will need to be filtered on BGP routes.
    ZDNet Gravatar
    georgeou
    02/24/2008 04:36 PM
  • I think you missed the point George
    I think the OP of this reply was stating the obvious - no matter what Pakistan does to block access to specific parts of the intarweb - people can and will still get there. It's just a matter of working around the restriction... proxy, tunnels, tor, whatever... the internet heals around these kinds of wounds very quickly.
    ZDNet Gravatar
    binaryspiral
    02/25/2008 02:47 PM
  • ZDNet Gravatar
    D T Schmitz
    02/25/2008 04:19 PM
  • This is funny!!!
    "A cheap Shell Account can come in handy to tunnel a ssh connection to the web in a pinch.

    Such shell accounts allow you to set up your browser to SOCKS5 proxy via ssh to your shell account's ip address. This tunnels all http and https AND DNS activity so urls aren't blocked!

    Plenty of 'how-tos' on it--just google on ssh and socks5.

    Just thought of it."


    These toughts from you are off the mark big time, think OSI model and drop down a few levels. Read up some more and then come back, it does make me laugh though!!! Googling someting is not always the best thing to do.
    ZDNet Gravatar
    OhTheHumanity
    02/25/2008 11:29 AM
  • Glad you got a chuckle even if you missed the point!
    Even if the Pakistani government had managed to successfully block Youtube without hosing BGP, a user following my suggestions can get to whereever they want to go!

    Thanks!
    ZDNet Gravatar
    D T Schmitz
    02/25/2008 03:58 PM
  • ZDNet Gravatar
    n3td3v
    02/24/2008 03:45 PM
  • Don't confuse me with the media
    Would you be happier if I said " Pakistan's access to the Internet shut off by major Telco"? That's what happened earlier today. How is that hyperbole.

    Because I blog I am now the "Media"?
    ZDNet Gravatar
    RStiennon
    02/24/2008 09:33 PM

Talkback - Tell Us What You Think

advertisement

Get it the way you want it

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

White Papers, Webcasts, & Resources
advertisement