By Dan Hubbard: At around 18:45 UTC OpenDNS resolvers saw a significant
drop in traffic from Syria. On closer inspection it seems Syria has
largely disappeared from the Internet.
The graph below shows DNS traffic from and to Syria.
Although Twitter remains relatively silent, the drop in both inbound and
outbound traffic from Syria is clearly visible. The small amount of
outbound traffic depicted by the chart indicates our DNS servers trying
to reach DNS servers in Syria.
Currently both TLD servers for Syria, ns1.tld.sy and
ns2.tld.sy are unreachable. The remaining two nameservers
sy.cctld.authdns.ripe.net. and pch.anycast.tld.sy. are reachable since
they are not within Syria.
The Umbrella Security Labs also reported
on an Internet blackout in Syria November of 2012, where we shared
details of the top 10 most failed domains during the outage.
Expect updates from our team shortly.Update: 1:28 p.m. PDT
There have been numerous incidents where access to and from
the Internet in Syria was shut down. Shutting down Internet access to
and from Syria is achieved by withdrawing the BGP routes from Syrian
prefixes. The graph below shows the sudden drop in visibility for Syrian
network prefixes.
How it happened:
Routing on the Internet relies on the Border Gateway
Protocol (BGP). BGP distributes routing information and makes sure all
routers on the Internet know how to get to a certain IP address. When an
IP range becomes unreachable it will be withdrawn from BGP, this
informs routers that the IP range is no longer reachable.
For example, one of the name servers for the DNS zone .SY is ns1.tld.sy with IP address 82.137.200.85.
Normally our routers would expect a BGP route for 82.137.192.0/18
Currently that route has disappeared and we no longer have a way to reach the Nameservers for .SY that reside in Syria
andree@rtr1-re0.ams> show route 82.137.192.0/18 detail
{master}
Currently there are just three routes in the BGP routing
tables for Syria, while normally it’s close to Eighty. Below are the
routes that are still being announced by the major Syrian Telecom
provider: AS29256
andree@rtr1-re0.ams> show route aspath-regex “.* 29256 “
inet.0: 447128 destinations, 1696295 routes (446964 active, 5 holddown, 445714 hidden)
+ = Active Route, – = Last Active, * = Both
46.53.0.0/17 *[BGP/170] 01:41:57, MED 0, localpref 100
AS path: 3356 3320 29386 29256 I
78.110.96.0/20 *[BGP/170] 01:41:57, MED 0, localpref 100
AS path: 3356 3320 29386 29256 I
94.141.192.0/19 *[BGP/170] 01:41:57, MED 0, localpref 100
AS path: 3356 3320 29386 29256 I
Effectively, the shutdown disconnects Syria from Internet
communication with the rest of the world. It’s unclear whether Internet
communication within Syria is still available. Although we can’t yet
comment on what caused this outage, past incidents were linked to both
government-ordered shutdowns and damage to the infrastructure, which
included fiber cuts and power outages.
No comments:
Post a Comment