Quantcast
Channel: Hacker News 50
Viewing all articles
Browse latest Browse all 9433

Breaking news: Traffic from Syria Disappears from Internet - Umbrella Security Labs

$
0
0

Comments:"Breaking news: Traffic from Syria Disappears from Internet - Umbrella Security Labs"

URL:http://labs.umbrella.com/2013/05/07/breaking-news-traffic-from-syria-disappears-from-internet/


At around 18:45 UTC the OpenDNS resolvers saw a significant drop in traffic from Syria. On closer inspection, it seems Syria has largely disappeared from the Internet.

The graph below shows DNS traffic from and to Syria. The drop in both inbound and outbound traffic from Syria is clearly visible. The small amount of outbound traffic depicted by the chart indicates our DNS servers trying to reach DNS servers in Syria.

Currently both TLD servers for Syria, ns1.tld.sy and ns2.tld.sy are unreachable.  The remaining two nameservers sy.cctld.authdns.ripe.net. and pch.anycast.tld.sy. are reachable since they are not within Syria.

Umbrella Security Labs, which is the threat research division of OpenDNS, also reported on an Internet blackout in Syria November of 2012, where we shared details of the top 10 most failed domains during the outage.  

Expect updates from our team shortly.

Update: 1:28 p.m. PDT

There have been numerous incidents where access to and from the Internet in Syria was shut down. Shutting down Internet access to and from Syria is achieved by withdrawing the BGP routes from Syrian prefixes. The graph below shows the sudden drop in visibility for Syrian network prefixes.

How it happened:

Routing on the Internet relies on the Border Gateway Protocol (BGP). BGP distributes routing information and makes sure all routers on the Internet know how to get to a certain IP address. When an IP range becomes unreachable it will be withdrawn from BGP, this informs routers that the IP range is no longer reachable.

For example, one of the name servers for the DNS zone .SY is ns1.tld.sy with IP address 82.137.200.85.

Normally our routers would expect a BGP route for 82.137.192.0/18

Currently that route has disappeared and we no longer have a way to reach the Nameservers for .SY that reside in Syria

andree@rtr1-re0.ams> show route 82.137.192.0/18 detail

{master}

Currently there are just three routes in the BGP routing tables for Syria, while normally it’s close to Eighty.  Below are the routes that are still being announced by the major Syrian Telecom provider: AS29256

andree@rtr1-re0.ams> show route aspath-regex “.* 29256 “

 

inet.0: 447128 destinations, 1696295 routes (446964 active, 5 holddown, 445714 hidden)

+ = Active Route, – = Last Active, * = Both

 

46.53.0.0/17       *[BGP/170] 01:41:57, MED 0, localpref 100

                     AS path: 3356 3320 29386 29256 I

                   

78.110.96.0/20     *[BGP/170] 01:41:57, MED 0, localpref 100

                     AS path: 3356 3320 29386 29256 I

            

94.141.192.0/19    *[BGP/170] 01:41:57, MED 0, localpref 100

                     AS path: 3356 3320 29386 29256 I

Effectively, the shutdown disconnects Syria from Internet communication with the rest of the world. It’s unclear whether Internet communication within Syria is still available. Although we can’t yet comment on what caused this outage, past incidents were linked to both government-ordered shutdowns and damage to the infrastructure, which included fiber cuts and power outages.

 

 


Viewing all articles
Browse latest Browse all 9433

Trending Articles