Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Egypt offline - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Egypt offline

 Most of you will be aware that the domestic situation in Egypt is a tad volatile.  We certainly do not get into the politics of things, however one event earlier today bears commenting on and that is the complete and utter shutdown of all internet connectivity in Egypt.  

Try and resolve any .eg site and you will receive .... nothing. 

To my knowledge this is unprecedented.  The main stream press is reporting that this is mainly because the unrest is being organised using twitter, SMS and other online services.  Similar to the events in Iran during the elections last year.  

From an IT security perspective how do you shut down a country? From what I can see for us external to the country access to the DNS servers is removed

dnstracer www.eeaa.gov.eg  

Tracing to www.eeaa.gov.eg[a] 

|___ FRCU.EUN.eg [gov.eg] (193.227.1.1) * * * 
|___ RIP.PSG.COM [gov.eg] (147.28.0.39) 
|     |___ NS2.TEDATA.NET [eeaa.gov.eg] (No IP address)
|      ___ NS1.TEDATA.NET [eeaa.gov.eg] (No IP address) 

So how is access denied to a whole country?  BGPMON (http://bgpmon.net/blog/?p=450) reports that close to 3000 routes to Egyptian networks were removed, effectively cutting them off the Internet.  Other articles are reporting that the major service providers went dark, easy enough to do I guess if you are the government. 

Feel free to comment, but please keep comments apolitical. 

Cheers

Mark 

Mark

391 Posts
ISC Handler
Is there a global version of the Internet Health report (www.internetpulse.net) where this outage registers?
Anonymous
farm6.static.flickr.com/5291/…
that link shows a graph which makes it pretty clear.

M
Mark

391 Posts
ISC Handler
"We certainly do not get into the politics of things"
Instead I would like to get involved into politics things, this is how we know news in Italy (ANSA): translated using Google from ->
http://www.ansa.it/web/notizie/rubriche/mondo/2011/01/22/visualizza_new.html_1617306833.html

"To neutralize the ability of protesters to organize and reorganize according to the deployment of the police force, was off this morning the internet service all over Egypt. The cellular network is no longer active. In the early morning had been disabled by SMS and now there is more 'network coverage. Vodafone has also been asked to suspend coverage."

My God, if you are familiar with the Italian political situation, please help us :-)
Anonymous
Sorry for double post, anyway this is the Italian versione, to avoid mistakes:

"Per neutralizzare la capacita' dei manifestanti di organizzarsi e riorganizzarsi a seconda dello schieramento delle forze di polizia, e' stato disattivato questa mattina il servizio internet in tutto l'Egitto. Anche la rete dei cellulari non e' piu' attiva. In prima mattinata era stato disattivato il servizio sms e ora non c'e' piu' copertura di rete. Anche a Vodafone e' stato chiesto di sospendere la copertura"
Anonymous
Coming soon to a United States near you.

http://news.techworld.com/security/3228198/obama-internet-kill-switch-plan-approved-by-us-senate/?olo=rss
Anonymous
i took a listing of egyptian universities from the net (32 in total) - and did a quick exercise to retrieve whatever information possible about the host, location, network, and availability. here's what i found (csv)

domain,ipaddress,country,asn,company,http status,md5sum /
www.aucegypt.edu,213.181.237.41,EG,8524,AUC-Egypt Route,200,80d1fcb1991ce8d5a3954e625aab689e
www.nahdauniversity.org,64.8.121.194,US,17393,Trip.net Inc.,200,5d54e6a96bb44e838393ee37cd118fd9
www.deltauniv.edu.eg,72.18.158.154,US,30475,WeHostWebSites.com,200,30717ef741739337a4cd7bbf0704fa87
www.azhar.edu.eg,207.210.108.162,US,3595,GNAXNET-AS - Global Net Access LLC,200,625569b213b6817822952f6428a93f45
www.o6u.edu.eg,174.123.38.244,US,21844,ThePlanet.com Internet Services Inc.,200,7c4b3bd4aa0e646e66a0abb06fbd7de6
www.futureuniversity.edu.eg,174.120.59.114,US,21844,ThePlanet.com Internet Services Inc.,200,7b6d3ff23af5532f3c636ba11e4fbd1c
www.su.edu.eg,66.147.240.157,US,11798,Ace Data Centers Inc.,200,a651378cea3dd5ac01d43b1d5390a591
www.kfs.edu.eg,195.246.54.56,EG,2561,EUN,,
www.bsu.edu.eg,193.227.35.10,EG,2561,EUN,,
www.benha-univ.edu.eg,193.227.1.53,EG,2561,EUN,,
www.pua.edu.eg,196.219.56.39,EG,8452,TE-DATA,,
www.shams.edu.eg,193.227.20.23,EG,2561,EUN,,
www.cu.edu.eg,,,,,,
www.mans.edu.eg ,,,,,,
www.helwan.edu.eg,,,,,,
www.alex.edu.eg,,,,,,
www.zu.edu.eg,,,,,,
www.guc.edu.eg,,,,,,
www.tanta.edu.eg,,,,,,
www.aun.edu.eg,,,,,,
www.svu.edu.eg,,,,,,
www.minia.edu.eg,,,,,,
www.menoufia.edu.eg,,,,,,
www.must.edu,,,,,,
www.msa.eun.eg,,,,,,
www.fayoum.edu.eg,,,,,,
www.bue.edu.eg,,,,,,
www.miuegypt.edu.eg,,,,,,
www.sohag-univ.edu.eg,,,,,,
www.ufe.edu.eg,,,,,,
www.nileu.edu.eg,,,,,,
www.scuegypt.edu.eg,,,,,,
Anonymous
Obama's "internet kill switch" plan has no legs or place in a democratic and free society.

With the events in Egypt right now, its hard to see how the U.S Government could ever adopt a kill switch in the western world.

-Andrew
Anonymous

Sign Up for Free or Log In to start participating in the conversation!