
SANS ISC InfoSec Handlers Diary Blog



Egypt offline

Published: 2011-01-28
Last Updated: 2011-01-28 09:08:50 UTC
by Mark Hofman (Version: 1)

Most of you will be aware that the domestic situation in Egypt is a tad volatile. We certainly do not get into the politics of things; however, one event earlier today bears commenting on, and that is the complete and utter shutdown of all internet connectivity in Egypt.

Try to resolve any .eg site and you will receive ... nothing.

To my knowledge this is unprecedented. The mainstream press is reporting that this is mainly because the unrest is being organised using Twitter, SMS and other online services, similar to the events in Iran during the elections last year.

From an IT security perspective, how do you shut down a country? From what I can see, for those of us external to the country, access to the DNS servers is removed:

dnstracer www.eeaa.gov.eg  

Tracing to www.eeaa.gov.eg[a] 

|___ FRCU.EUN.eg [gov.eg] (193.227.1.1) * * * 
|___ RIP.PSG.COM [gov.eg] (147.28.0.39) 
|     |___ NS2.TEDATA.NET [eeaa.gov.eg] (No IP address)
|      ___ NS1.TEDATA.NET [eeaa.gov.eg] (No IP address) 

So how is access denied to a whole country? BGPMON (http://bgpmon.net/blog/?p=450) reports that close to 3000 routes to Egyptian networks were removed, effectively cutting them off the Internet. Other articles are reporting that the major service providers went dark, easy enough to do, I guess, if you are the government.
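An added example (not from this diary or from BGPMON) of how a monitor could flag the kind of mass route withdrawal described above from a BGP update feed. The feed format, the watched ASN set, and the window and threshold values are assumptions; the sample records are constructed from documentation ASN and address ranges.

```python
from collections import deque

# Constructed sample feed: "unix_ts|A|prefix|origin_as" or "unix_ts|W|prefix".
# ASNs and prefixes are documentation ranges (RFC 5398 / RFC 5737), not real data.
def sample_feed():
    lines = [f"1000|A|198.51.100.{i * 16}/28|64496" for i in range(8)]
    lines += [f"1000|A|203.0.113.{i * 16}/28|64497" for i in range(8)]
    lines += ["1000|A|192.0.2.0/24|64500"]  # origin AS we are not watching
    lines += ["2000|W|198.51.100.0/28", "2030|A|198.51.100.0/28|64496"]  # one flap
    lines += [f"5000|W|198.51.100.{i * 16}/28" for i in range(8)]
    lines += [f"5060|W|203.0.113.{i * 16}/28" for i in range(7)]
    lines += ["5100|W|192.0.2.0/24"]
    return lines

def detect_mass_withdrawal(lines, watched_asns, window=300, threshold=0.5):
    """Return (ts, lost, baseline) alerts, where baseline is the watched prefixes
    still routed plus those lost in the last `window` seconds, and an alert
    fires when lost / baseline first exceeds `threshold`."""
    table = {}        # prefix -> origin AS taken from the last announcement
    recent = deque()  # (ts, prefix) for withdrawn watched prefixes
    alerts, alerted = [], False
    for line in lines:
        fields = line.strip().split("|")
        ts, kind, prefix = int(fields[0]), fields[1], fields[2]
        if kind == "A":
            table[prefix] = int(fields[3])
            # A re-announced prefix is back, so it no longer counts as lost.
            recent = deque((t, p) for t, p in recent if p != prefix)
        elif kind == "W":
            # Withdrawals carry no AS path; attribute them via the stored table.
            origin = table.pop(prefix, None)
            if origin in watched_asns:
                recent.append((ts, prefix))
        while recent and recent[0][0] < ts - window:
            recent.popleft()
        still_up = sum(1 for asn in table.values() if asn in watched_asns)
        lost = len({p for _, p in recent})
        baseline = still_up + lost
        frac = lost / baseline if baseline else 0.0
        if frac > threshold and not alerted:
            alerts.append((ts, lost, baseline))
            alerted = True
        elif frac <= threshold:
            alerted = False
    return alerts

if __name__ == "__main__":
    print(detect_mass_withdrawal(sample_feed(), {64496, 64497}))
```

A single flapping prefix stays far below the threshold, while the burst of withdrawals across both watched origin ASes triggers one alert rather than one per update.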

Feel free to comment, but please keep comments apolitical. 

Cheers

Mark 
