#CyberSpaceWar, Uncategorized

Internet traffic disappears in Syria

from labs.umbrella.com: At around 18:45 UTC the OpenDNS
resolvers saw a significant drop in traffic from Syria. On closer inspection, it seems Syria has largely disappeared from the Internet.


The graph below shows DNS traffic from and to Syria. The
drop in both inbound and outbound traffic from Syria is clearly visible.
The small amount of outbound traffic depicted by the chart indicates
our DNS servers trying to reach DNS servers in Syria.

syria_offline

Currently both TLD servers for Syria, ns1.tld.sy and
ns2.tld.sy are unreachable.  The remaining two nameservers
sy.cctld.authdns.ripe.net. and pch.anycast.tld.sy. are reachable since
they are not within Syria.

Umbrella Security Labs, which is the threat research division of OpenDNS, also reported
on an Internet blackout in Syria November of 2012, where we shared
details of the top 10 most failed domains during the outage.  

Update: 1:28 p.m. PDT

There have been numerous incidents where access to and from
the Internet in Syria was shut down. Shutting down Internet access to
and from Syria is achieved by withdrawing the BGP routes from Syrian
prefixes. The graph below shows the sudden drop in visibility for Syrian
network prefixes
.

umbrella-syria-bgp

How it happened:



Routing on the Internet relies on the Border Gateway
Protocol (BGP). BGP distributes routing information and makes sure all
routers on the Internet know how to get to a certain IP address. When an
IP range becomes unreachable it will be withdrawn from BGP, this
informs routers that the IP range is no longer reachable.



For example, one of the name servers for the DNS zone .SY is ns1.tld.sy with IP address 82.137.200.85.



Normally our routers would expect a BGP route for 82.137.192.0/18



Currently that route has disappeared and we no longer have a way to reach the Nameservers for .SY that reside in Syria



andree@rtr1-re0.ams> show route 82.137.192.0/18 detail



Currently there are just three routes in the BGP routing
tables for Syria, while normally it’s close to Eighty.  
Below are the
routes that are still being announced by the major Syrian Telecom
provider: AS29256
andree@rtr1-re0.ams> show route aspath-regex “.* 29256 “





inet.0: 447128 destinations, 1696295 routes (446964 active, 5 holddown, 445714 hidden)



+ = Active Route, – = Last Active, * = Both





46.53.0.0/17       *[BGP/170] 01:41:57, MED 0, localpref 100



                     AS path: 3356 3320 29386 29256 I



                   



78.110.96.0/20     *[BGP/170] 01:41:57, MED 0, localpref 100



                     AS path: 3356 3320 29386 29256 I



            



94.141.192.0/19    *[BGP/170] 01:41:57, MED 0, localpref 100



                     AS path: 3356 3320 29386 29256 I



Effectively, the shutdown disconnects Syria from Internet
communication with the rest of the world.
 
It’s unclear whether Internet
communication within Syria is still available. Although we can’t yet
comment on what caused this outage, past incidents were linked to both
government-ordered shutdowns and damage to the infrastructure, which
included fiber cuts and power outages.

#PumpUpThaVolume: September 18, 2020