analysis of country wide internet outages caused by
play

Analysis of Country-wide Internet Outages Caused by Censorship - PowerPoint PPT Presentation

Dec 20, 2023 •148 likes •339 views

CAIDA Workshop on BGP and Traceroute data August 22nd, 2011- San Diego (CA), USA Analysis of Country-wide Internet Outages Caused by Censorship Alberto Dainotti - alberto@unina.it University of Napoli Federico II These slides are based on

  1. CAIDA Workshop on BGP and Traceroute data August 22nd, 2011- San Diego (CA), USA Analysis of Country-wide Internet Outages Caused by Censorship Alberto Dainotti - alberto@unina.it University of Napoli “Federico II” These slides are based on the following paper to be presented at ACM IMC 2011: A. Dainotti, C. Squarcella, E. Aben, K. C. Claffy, M. Chiesa, M. Russo, A. Pescapé, “Analysis of Country-wide Internet Outages Caused by Censorship” w w w . cai da. or g

  2. THE EVENTS Internet Disruptions in North Africa • Egypt - Protests in the country start around January 25th, 2011 - The government orders service providers to “shutdown” the Internet - On January 27th, around 22:34 GMT , several sources report the withdrawal in the Internet’s global routing table of almost all routes to Egyptian networks - The disruption lasts 5.5 days • Libya - Protests in the country start around 17th February 2011 - The government controls most of the country’s communication infrastructure - Three different connectivity disruptions: February 18th (6.8 hrs), 19th (8.3 hrs), March 3rd (3.7 days) • Similar events in other countries but we did not analyze them COMICS Research Group University of Napoli “Federico II” - Italy

  3. SOME FACTS Prefixes, ASes, Filtering Egypt - 3165 IPv4 and 6 IPv6 prefixes are delegated to Egypt by AfriNIC - They are managed by 51 Autonomous Systems - Filtering type: BGP only - Filtering dynamic: synchronized; progressive Libya - 13 IPv4 prefixes, no IPv6 prefixes - 2 (+ 1) Autonomous Systems operate in the country - Filtering type: mix of BGP , packet filtering, satellite signal jamming - Filtering dynamic: testing different techniques; somehow synchronized COMICS Research Group University of Napoli “Federico II” - Italy

  4. WHAT WE DID Combined different measurement sources • BGP - BGP updates from route collectors of RIPE-NCC RIS and RouteViews - We combined information from both databases - Graphical Tools: REX , BGPlay , BGPviz • Active Traceroute Probing - Archipelago Measurement Infrastructure ( ARK ) - We underutilized it.. • Internet Background Radiation (IBR) - Traffic reaching the UCSD network telescope - Capable of revealing different kinds of blocking COMICS Research Group w w w . cai da. or g University of Napoli “Federico II” - Italy

  5. THE DATA Geolocation + announced prefixes • IP ranges associated with the country of interest - Delegations from Regional Internet Registries (RIR) - Commercial geolocation database Egypt Libya AfriNIC delegated IPs 5,762,816 299,008 MaxMind GeoLite IPs 5,710,240 307,225 • Gather prefixes to be monitored. For each IP range: - We look up the address space in the BGP database of announced prefixes, to find an exactly matching BGP prefix - We find all the more specific (strict subset, longer) prefixes of this prefix - If the two previous steps yielded no prefix, we retrieve the longest BGP prefix entirely containing the address space • Every time we refer to an AS we actually refer to the IPs of that AS that are associated to the country of interest COMICS Research Group University of Napoli “Federico II” - Italy

  6. BGP prefix reachability • We reconstruct prefixes losing and regaining reachability - we build the routing history of a collector’s peer for each collector - using both RIBs and UPDATES - we mark a prefix as disappeared if it is withdrawn in each routing history Egyptian disconnection and reconnection [NOTE: IPv6 routes stayed up!] 3500 3500 number of re-announced IPv4 prefixes 3000 3000 number of visible IPv4 prefixes 2500 2500 2000 2000 1500 1500 1000 1000 500 500 0 0 20:00 20:30 21:00 21:30 22:00 22:30 23:00 09:00 09:30 10:00 10:30 11:00 11:30 12:00 COMICS Research Group University of Napoli “Federico II” - Italy

  7. BGP per-AS analysis • A detailed analysis shows there is synchronization among ASes EgAS1 EgAS2 EgAS3 EgAS4 EgAS5 EgStateAS 1000 number of re-announced IPv4 prefixes 800 600 400 200 0 09:00 09:30 10:00 10:30 11:00 11:30 12:00 COMICS Research Group University of Napoli “Federico II” - Italy

  8. ROUTE CHANGES BGPlay • The massive disconnection caused some path changes too COMICS Research Group University of Napoli “Federico II” - Italy

  9. UCSD TELESCOPE when malware helps.. • Unsolicited traffic - e.g. scanning from conficker-infected hosts - from the observed country and reaching a (mostly) unused /8 network at UCSD Egypt Libya 140 120 100 packets per second 80 60 40 20 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 2 2 2 2 - - - - - - - - - 2 2 2 3 3 0 0 0 0 7 8 9 0 1 1 2 3 4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 : : : : : : : : : 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 COMICS Research Group University of Napoli “Federico II” - Italy

  10. UCSD TELESCOPE need to dissect traffic • We classified traffic to the telescope in - Conficker-like - Backscatter (e.g. SYN-ACKs to randomly spoofed SYNs of DoS attacks) - Other Egypt: telescope traffic 80 70 60 packets per second 50 40 30 20 10 0 01-27 00:00 01-28 00:00 01-29 00:00 01-30 00:00 01-31 00:00 02-01 00:00 02-02 00:00 02-03 00:00 02-04 00:00 COMICS Research Group University of Napoli “Federico II” - Italy other conficker-like backscatter

  11. TELESCOPE VS BGP Co nsistency • The sample case of EgAS7 shows the consistency between telescope traffic and BGP measurements Egypt: disconnection of EgAS7 0.7 100 0.6 Number of IPv4 prefixes in BGP 80 0.5 packets per second 60 0.4 0.3 40 0.2 20 0.1 0 0 01-27 00:00 01-28 00:00 01-29 00:00 01-30 00:00 01-31 00:00 02-01 00:00 02-02 00:00 02-03 00:00 02-04 00:00 COMICS Research Group packet rate of unsolicited traffic University of Napoli “Federico II” - Italy visibility of BGP prefixes

  12. TELESCOPE VS BGP Co mplementarity Libya 8 • Contrasting telescope traffic with 7 BGP measurements revealed a mix of 6 packets per second 5 blocking techniques that was not 4 publicized by others 3 2 • The second Libyan outage involved 1 overlapping of BGP withdrawals 0 02-18 12:00 02-19 00:00 02-19 12:00 02-20 00:00 02-20 12:00 02-21 00:00 and packet filtering 14 12 number of visible prefixes 10 8 6 4 2 COMICS Research Group 0 02-18 12:00 02-19 00:00 02-19 12:00 02-20 00:00 02-20 12:00 02-21 00:00 University of Napoli “Federico II” - Italy

  13. TELESCOPE VS BGP Co nfusion? • BGP-unreachability doesn’t, in general, prevent outbound traffic - We found networks that were BGP-unreachable sending traffic to the telescope - and networks BGP-reachable that were not - Topology analysis may help to better understand this behavior Telescope traffic from two Egyptian ASes 90 80 70 packets per second 60 50 40 30 20 10 0 01-27 00:00 01-28 00:00 01-29 00:00 01-30 00:00 01-31 00:00 02-01 00:00 02-02 00:00 02-03 00:00 02-04 00:00 COMICS Research Group EgAS4 EgStateAS University of Napoli “Federico II” - Italy

  14. ARK active measurements • ARK active measurements are consistent with other sources - limitation due to frequency of probes and because they target random addresses - the first two Libyan outages are not visible - we used them only to test reachability , not to analyze topology Egypt Libya ! ! 5% ! ! ! ! ! ! ! ! ! Ark traceroute to Egypt terminating in Egypt Ark traceroute to Libya terminating in Libya ! ! ! 15% ! ! ! ! 4% ! ! ! ! ! ! ! ! ! 3% 10% ! ! ! 2% ! 5% ! ! 1% ! ! ! ! Feb Mar Feb Mar ! ! ! ! ! ! ! ! ! ! ! ! 12 14 16 18 20 22 24 26 28 2 4 6 8 10 12 14 Jan Jan Feb Feb 21 22 23 24 25 26 27 28 29 30 2 3 4 5 6 COMICS Research Group University of Napoli “Federico II” - Italy

  15. ARK confirming telescope’s findings • Third Libyan outage: while BGP reachability was up, most of Libya was disconnected - ARK measurements confirmed the finding from the telescope, plus identified some reachable hosts, suggesting the use of packet filtering by the censors Libya: ARK (left) , Telescope (right) 5% ! 8 ! Ark traceroute to Libya terminating in Libya ! ! ! ! 7 ! 4% ! ! ! ! ! 6 ! ! ! packets per second ! 3% 5 ! ! 4 ! 2% 3 ! 2 1% 1 ! ! ! ! Feb Mar Feb Mar ! ! ! ! ! ! 0 ! ! 03-01 00:00 03-02 00:00 03-03 00:00 03-04 00:00 03-05 00:00 03-06 00:00 03-07 00:00 03-08 00:00 12 14 16 18 20 22 24 26 28 2 4 6 8 10 12 14 COMICS Research Group University of Napoli “Federico II” - Italy

  16. SATELLITE CONNECTIVITY probable signal jamming • Third Libyan outage - a Libyan IPv4 prefix managed by SatAS1 was BGP-reachable - a small amount of traffic from that prefix reaches the telescope Libya: Telescope traffic from national operator and satellite-based ISP 5 4 packets per second 3 2 1 0 0 0 0 0 2 2 3 3 - - - - 1 2 0 1 9 6 4 1 0 0 0 0 0 0 0 0 : : : : 0 0 0 0 0 0 0 0 COMICS Research Group University of Napoli “Federico II” - Italy LyStateAS SatAS1

Recommend

An Internet-Wide Analysis of Traffic Policing Tobias Flach, Pavlos Papageorge, Andreas Terzis,

An Internet-Wide Analysis of Traffic Policing Tobias Flach, Pavlos Papageorge, Andreas Terzis,

An Internet-Wide Analysis of Traffic Policing Tobias Flach, Pavlos Papageorge, Andreas Terzis, Luis Pedrosa, Yuchung Cheng, Tayeb Karim, Ethan Katz-Bassett, Ramesh Govindan policing-paper@google.com 1 Internet Service Provider Content

588 views • 39 slides
The Impact of Router Outages on the AS-Level Internet Matthew Luckie* - University of Waikato

The Impact of Router Outages on the AS-Level Internet Matthew Luckie* - University of Waikato

The Impact of Router Outages on the AS-Level Internet Matthew Luckie* - University of Waikato Robert Beverly - Naval Postgraduate School *work started while at CAIDA, UC San Diego SIGCOMM 2017, August 24th 2017 1 w w w . cai da. or

1.13k views • 56 slides
4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and

4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and

4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and the Browser 4.3 What Browsers Can Do for Us 4.4 What is a Website? 4.5 Website Design 4.6 Other Creatures on the Web 4.7 Key Web Software

1.02k views • 97 slides
TLS in the wild An Internet-wide analysis of TLS-based protocols for electronic communication

TLS in the wild An Internet-wide analysis of TLS-based protocols for electronic communication

TLS in the wild An Internet-wide analysis of TLS-based protocols for electronic communication Ralph Holz School of Information Technologies Faculty of Engineering & Information Technologies Team This is joint work with Johanna

678 views • 28 slides
WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a

WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a

WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a Global View the Internet is an evolving open system no central point, no typical network or user complexity everywhere: topology, usage

608 views • 13 slides
Detecting outages with telemetry Alessio Placitelli - @dexterp37 June 16th - Internet

Detecting outages with telemetry Alessio Placitelli - @dexterp37 June 16th - Internet

Detecting outages with telemetry Alessio Placitelli - @dexterp37 June 16th - Internet Measurement Village 2020 Italy, March 11th - 2020 Tales from a mid-pandemic network outage Public 2 ...failure on a foreign network... Source :

591 views • 29 slides
Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Fast Internet-Wide Scanning, ZMap Weak Keys and the HTTPS Certificate Ecosystem Zakir Durumeric Michael Bailey University of Michigan ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

491 views • 46 slides
Internet-Wide Scanning and its Measurement Applications Zakir Durumeric University of Michigan

Internet-Wide Scanning and its Measurement Applications Zakir Durumeric University of Michigan

Internet-Wide Scanning and its Measurement Applications Zakir Durumeric University of Michigan RIPE 68 - Measurement, Analysis and Tools Working Group 15 May 2014 Golden Age of Internet Scanning As of the last year, it is now possible to scan

865 views • 23 slides
wide side of the Internet why 1/x distribu4on is so

wide side of the Internet why 1/x distribu4on is so

wide side of the Internet why 1/x distribu4on is so prevalent in Internet data? the spo:er team S. Laki Physics of Complex Systems P.

360 views • 24 slides
Sensitivity analysis for the outages of nuclear power plants Kengy Barty , Fr eric Bonnans

Sensitivity analysis for the outages of nuclear power plants Kengy Barty , Fr eric Bonnans

Introduction Study of the reference problem Sensitivity analysis Sensitivity analysis for the outages of nuclear power plants Kengy Barty , Fr eric Bonnans , and Laurent Pfeiffer ed INRIA Saclay and CMAP, Ecole

831 views • 32 slides
Internet Observation with N-TAP: how it works and what it does Kenji Masui

Internet Observation with N-TAP: how it works and what it does Kenji Masui

10th CAIDA/WIDE Workshop - 1st CAIDA/WIDE/CASFI Workshop (2008-08-16) Internet Observation with N-TAP: how it works and what it does Kenji Masui kmasui@gsic.titech.ac.jp WIDE Project / Tokyo Institute of Technology Internet Observation with

309 views • 17 slides
H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir

640 views • 53 slides
Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet

Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet

Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet Connectivity MANET/NEMO integration IPv6 Support on MANET MANET on the Internet Where can MANET be deployed in our daily life?

564 views • 27 slides
Wide-Area Internet Measurement at MIT: Data Collection and Analysis Nick Feamster, Dave Andersen,

Wide-Area Internet Measurement at MIT: Data Collection and Analysis Nick Feamster, Dave Andersen,

Wide-Area Internet Measurement at MIT: Data Collection and Analysis Nick Feamster, Dave Andersen, Hari Balakrishnan M.I.T. Laboratory for Computer Science {feamster,dga,hari}@lcs.mit.edu Collection: Infrastructure and Data Topology: 31 widely

284 views • 15 slides
INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the

INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the

INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the collection of huge network that is accessible to everyone and everywhere across the world. It connects millions of computers together globally,

338 views • 8 slides
Main Contents Genetic analysis of PRRSV (Porcine Reproductive & Respiratory Syndrome) in

Main Contents Genetic analysis of PRRSV (Porcine Reproductive & Respiratory Syndrome) in

20/09/2011 NNG LM UNIVERSITY VIET NAM DEPARTMENT OF BIOTECHNOLOGY Diagnosis and Gene Diagnosis and Genetic analysis of some tic analysis of some viruses caused emerging d viruses caused emerging diseases in seases in pig pig in

414 views • 19 slides
The Internet and World Wide Web CSE 190 M (Web Programming), Spring 2007 University of Washington

The Internet and World Wide Web CSE 190 M (Web Programming), Spring 2007 University of Washington

CSE 190 M Slides: Internet/WWW Page 1 The Internet and World Wide Web CSE 190 M (Web Programming), Spring 2007 University of Washington Reading: Sebesta Ch. 1 sections 1.1 - 1.5.2, 1.7 - 1.8.5, 1.8.8, 1.9 What is the Internet? A "series

451 views • 6 slides
Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet

Fixing WTFs - Detecting Image Matches caused by Watermarks, Timestamps, and Frames in Internet Photos Tobias Weyand, Chih-Yun Tsai, Bastian Leibe Fixing WTFs Poster No. 26 Overview Many Computer Vision Applications use Internet photos,

818 views • 38 slides
Web Programming Pingmei Xu World Wide Web Wikipedia definition: a system of interlinked

Web Programming Pingmei Xu World Wide Web Wikipedia definition: a system of interlinked

Web Programming Pingmei Xu World Wide Web Wikipedia definition: a system of interlinked hypertext documents accessed via the Internet. image from http://www.syslog.cl.cam.ac.uk/ Web Internet World Wide Web : a collection Internet : a

876 views • 65 slides
Overview/Questions Is it the Internet or the World Wide Web. Whats the difference? How

Overview/Questions Is it the Internet or the World Wide Web. Whats the difference? How

CS120 Lecture 17: The World Wide Web and HTML Web Publishing John Magee 9 November 2012 1 Overview/Questions Is it the Internet or the World Wide Web. Whats the difference? How do you visit a web site? How does your browser know

319 views • 21 slides
CMPT 165 CMPT 165 INTRODUCTION TO THE INTERNET INTRODUCTION TO THE INTERNET AND THE WORLD WIDE

CMPT 165 CMPT 165 INTRODUCTION TO THE INTERNET INTRODUCTION TO THE INTERNET AND THE WORLD WIDE

CMPT 165 CMPT 165 INTRODUCTION TO THE INTERNET INTRODUCTION TO THE INTERNET AND THE WORLD WIDE WEB AND THE WORLD WIDE WEB By Hassan S. Shavarani UNIT1: THE INTERNET AND THE WORLD WIDE WEB UNIT1: THE INTERNET AND THE WORLD WIDE WEB 1

1.02k views • 34 slides
Overview/Questions Is it the Internet or the World Wide Web. Whats the difference? How

Overview/Questions Is it the Internet or the World Wide Web. Whats the difference? How

CS101 Lecture 02: The World Wide Web and HTML John Magee 2 July 2013 1 Overview/Questions Is it the Internet or the World Wide Web. Whats the difference? How do you visit a web site? How does your browser know what to do? How

531 views • 20 slides
Overview/Questions Is it the Internet or the World Wide Web. Whats the difference?

Overview/Questions Is it the Internet or the World Wide Web. Whats the difference?

CS101 Lecture 02: The World Wide Web and HTML Aaron Stevens 16 January 2009 1 Overview/Questions Is it the Internet or the World Wide Web. Whats the difference? How do you visit a web site? How does your browser know what to

158 views • 11 slides
Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on

Experiencing a new Internet Architecture Adrian Perrig, Network Security Group The Internet is on Fire! Lack of sovereignty Frequent outages https://downdetector.com Constant DDoS attacks https://www.digitalattackmap.com

730 views • 48 slides

More recommend