Go Back   Wireless and Wifi Forums > News > Newsgroups > comp.security.misc
Yahoo Follow-up Last Updated: 2007-07-08 19:15:56 UTC

Yahoo Follow-up Last Updated: 2007-07-08 19:15:56 UTC

Yahoo Follow-up Last Updated: 2007-07-08 19:15:56 UTC. Discuss Yahoo Follow-up Last Updated: 2007-07-08 19:15:56 UTC, on Wireless Forums.

Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-08-2007, 07:53 PM
spamhotmail@yahoo.com
Guest
  
Posts: n/a
Default Yahoo Follow-up Last Updated: 2007-07-08 19:15:56 UTC
http://isc.sans.org/diary.html?storyid=3112



Yahoo Follow-up
Published: 2007-07-08,
Last Updated: 2007-07-08 19:15:56 UTC
by Marcus Sachs (Version: 1)

On Friday we reported that there were connectivity issues with Yahoo.
Initially we thought that it was a problem either at Yahoo or perhaps
inside Verizon's networks based on emails we received. Later we
determined that it was not Verizon or Yahoo, but more likely an issue
at Level3. Yahoo's official response is here.

The first indication we got that the problem was at Level3 was from a
post to the NANOG mailing list showing the output of a traceroute to
Yahoo. Here are the last few hops, notice the latency at and beyond
Level3:

13 * 70 ms 77 ms ge-0-3-0-69.bbr2.sanjose1.level3.net
[4.68.18.2]
14 * 78 ms 71 ms so-14-0.hsa4.sanjose1.level3.net
[4.68.114.158]
15 487 ms 449 ms 459 ms hanaro.hsa4.level3.net [4.79.60.22]
16 * * * Request timed out.
17 * * * Request timed out.
18 * 586 ms * te-8-1.bas-a2.sp1.yahoo.com
[209.131.32.19]
19 * 570 ms * f1.www.vip.sp1.yahoo.com
[209.131.36.158]
20 * * 591 ms f1.www.vip.sp1.yahoo.com
[209.131.36.158]

Later, one of our readers found that a BGP peer of Level3 was
advertising itself as the best path via San Jose for a large number of
routes. The advertisement came from AS9318 (Hanaro Telecom) and
caused Yahoo and many other sites that were reached via Level3 to be
unavailable for a period of about an hour. As an example, that reader
did a route lookup for www.merit.edu (host of the NANOG mailing list)
to show that it wasn't just Yahoo that was affected. Here is the
output provided to the Internet Storm Center:

BGP routing table entry for 198.108.0.0/14
Bestpath Modifiers: deterministic-med
Paths: (2 available, best #1)
Not advertised to any peer
9318 9318 11164 237, (aggregated by 237 lo0x0.2.nl-chi3.mich.net)
AS-path translation: { APNIC-AS-3-BLOCK APNIC-AS-3-BLOCK WILLINET
NSFNETTEST14 }
lo-22.hsa4.SanJose1 (metric 161) from lo-22.err1.SanJose1
(lo-22.err1.SanJose1)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-
aggregate, best
Community: North_America Lclprf_100 Level3_Customer
United_States San_Jose
Originator: hsa4.SanJose1
9318 9318 11164 237, (aggregated by 237 lo0x0.2.nl-chi3.mich.net)
AS-path translation: { APNIC-AS-3-BLOCK APNIC-AS-3-BLOCK WILLINET
NSFNETTEST14 }
lo-22.hsa4.SanJose1 (metric 161) from lo-22.err2.SanJose1
(lo-22.err2.SanJose1)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-
aggregate
Community: North_America Lclprf_100 Level3_Customer
United_States San_Jose
Originator: hsa4.SanJose1

If the same query is done now, here is what Level3's looking glass
service says for www.merit.edu via San Jose:

BGP routing table entry for 198.108.0.0/14
Bestpath Modifiers: deterministic-med
Paths: (2 available, best #2)
Not advertised to any peer
7911 237 237 237 237
AS-path translation: { WCG NSFNETTEST14 NSFNETTEST14 NSFNETTEST14
NSFNETTEST14 }
lo-22.car4.SanJose1 (metric 141) from lo-22.err2.SanJose1
(lo-22.err2.SanJose1)
Origin IGP, metric 0, localpref 100, valid, internal
Community: North_America Lclprf_100 Level3_Customer
United_States San_Jose 7911:777 7911:7705
Originator: car4.SanJose1
7911 237 237 237 237
AS-path translation: { WCG NSFNETTEST14 NSFNETTEST14 NSFNETTEST14
NSFNETTEST14 }
lo-22.car4.SanJose1 (metric 141) from lo-22.err1.SanJose1
(lo-22.err1.SanJose1)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: North_America Lclprf_100 Level3_Customer
United_States San_Jose 7911:777 7911:7705
Originator: car4.SanJose1


Over at Netcraft, you can see the brief outage by observing the red
area on the bottom-right side of this status graphic:

So, bottom line - it wasn't Yahoo having the problems. It was a BGP
routing issue that affected reachability of many sites that had routes
advertised through Level3. Unfortunately this is one of the
Internet's "dirty little secrets" - BGP updates are the lifeblood of
the Internet but yet there are many ways these route advertisements
can fail. There have been many suggestions for improvement (see the
soBGP and S-BGP projects) and even the US Department of Homeland
Security has tried to get some traction in making improvements to the
routing infrastructure. But the Internet remains vulnerable to these
types of configuration errors and intentional false routing
advertisements.

Marcus H. Sachs
Director, SANS Internet Storm Center


Reply With Quote
Reply

« Yahoo sites hit by availability problems | Antiforensic tools make all data suspect, threatening to render computer investigations cost-prohibitive. »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
WiMAX Forum News, Weekly Clip Report March 22-29, 2007 badger_b@hotmail.com alt.internet.wireless 0 03-31-2007 01:14 AM
Call For Papers: WORLDCOMP'07: conferences in computer science & computer engineering, USA A. M. G. Solo comp.security.misc 0 01-19-2007 08:01 AM
HACKING LESSONS 1-17, HACKING, 24 CDs, WINDOWS XP ( X64 ) PRO CORP SP2, WINDOWS VISTA, OFFICE 2007, PROJECT 2007, PUBLISHER 2007, VISIO 2007, BRITANNICA 2007, other 2006-Dec-10 atarax alt.computer.security 0 12-11-2006 12:11 PM
Call For Papers/Sessions: WORLDCOMP'07--multiple int'l. conferences in computer science & computer engineering, USA A. M. G. Solo comp.security.misc 0 12-03-2006 09:52 PM
WORLDCOMP'07: Call For Papers/Sessions--multiple int'l. conferences in computer science & computer engineering, USA A. M. G. Solo (do not reply to this email address) comp.security.misc 0 11-06-2006 05:59 AM


All times are GMT. The time now is 07:27 PM.

Contact Us - Wireless Support Forum - Archive - Top - Noodles' Blog - Health Forums - Bike Forums - Cooking Junkies Forums

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45