Wednesday, May 8, 2013

Syria Traffic Goes "Dark" As Country Disappears From Internet

 
Tyler Durden's picture




While there have been no new military attacks on Syria since Sunday morning, something more peculiar happened in the past few hours, when according to Akamai and various other Internet traffic trackers, Syria has literally gone "dark", or, as Umbrella Security Labs describes it, as if "Syria has largely disappeared from the Internet."
Some more from Umbrella's blog:
At around 18:45 UTC OpenDNS resolvers saw a significant drop in traffic from Syria. On closer inspection it seems Syria has largely disappeared from the Internet.

The graph below shows DNS traffic from and to Syria. Although Twitter remains relatively silent, the drop in both inbound and outbound traffic from Syria is clearly visible. The small amount of outbound traffic depicted by the chart indicates our DNS servers trying to reach DNS servers in Syria.

syria_offline

Currently both TLD servers for Syria, ns1.tld.sy and ns2.tld.sy are unreachable.  The remaining two nameservers sy.cctld.authdns.ripe.net. and pch.anycast.tld.sy. are reachable since they are not within Syria.

The Umbrella Security Labs also reported on an Internet blackout in Syria November of 2012, where we shared details of the top 10 most failed domains during the outage. 

Update: 1:28 p.m. PDT

There have been numerous incidents where access to and from the Internet in Syria was shut down. Shutting down Internet access to and from Syria is achieved by withdrawing the BGP routes from Syrian prefixes. The graph below shows the sudden drop in visibility for Syrian network prefixes.


umbrella-syria-bgp

How it happened:

Routing on the Internet relies on the Border Gateway Protocol (BGP). BGP distributes routing information and makes sure all routers on the Internet know how to get to a certain IP address. When an IP range becomes unreachable it will be withdrawn from BGP, this informs routers that the IP range is no longer reachable.

For example, one of the name servers for the DNS zone .SY is ns1.tld.sy with IP address 82.137.200.85.

Normally our routers would expect a BGP route for 82.137.192.0/18

Currently that route has disappeared and we no longer have a way to reach the Nameservers for .SY that reside in Syria
And in parallel news, we are hearing unconfirmed reports that mobile connections have been cut off as well.
Did Assad simply forget to pay his country's DNS (and cell) bill, or is this a preamble to putting Syria in the "dark" in advance of possible future military escalations? We will provide updates as we see them.
h/t @911buff and @l0gg0l

No comments:

Post a Comment