Monday, January 31, 2011

How The Egyptian Regime Cut Off Internet Access

Picture Credit: TechWorld - Egypt cut off from Internet as government cracks down on protest


"The Egyptian government has been able to cut off most of the country's internet access simply by shutting down the various DNS servers used by Egyptian internet service providers. As such, any requests for web pages initiated from inside Egypt have been unsuccessful since there aren't any available DNS servers to facilitate the hand-offs, and any requests for websites located inside Egypt coming from computers anywhere else in the world haven't worked either.

While this has affected most of Egypt's internet traffic, some people are able to work around the issue by manually using DNS servers that haven't been taken offline—similar to the method I used when Comcast's DNS server went down. is reporting that 88% of Egypt's internet traffic has been knocked offline, which seems to indicate that 12% of those who are still able to access the internet there are either using alternative DNS servers or haven't had their DNS servers taken offline yet (apparently some dial-up internet connections are still able to get through, for instance)."

"While images of a big red button housed inside a Plexiglass case that can only be unlocked by two simultaneous key twists of top government officials seem to fit the idea of how such an internet kill switch would work, the reality is far more mundane. In Egypt's case, the internet service providers that operate within the country agree to let the government shut down the commonly-used DNS servers if they see fit to do so.

The BBC reports that one of Egypt's big internet service providers, Vodafone, issued an e-mail statement simply stating that the company was instructed to shut down its DNS servers. "Under Egyptian legislation the authorities have the right to issue such and order and we are obliged to comply with it," said the statement.

The same order was almost certainly issued to all the other internet service providers operating inside Egypt and, just like that, the internet went down."

Time Online (Techland) - How Egypt Cut Off the Internet (and How a U.S. 'Kill Switch' Might Work)


"Renesys found that: "At 22:34 UTC (00:34am local time), Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the internet's global routing table. Approximately 3,500 individual BGP [Border Gateway Protocol] routes were withdrawn, leaving no valid paths by which the rest of the world could continue to exchange internet traffic with Egypt's service providers. Virtually all of Egypt's internet addresses are now unreachable, worldwide.""

"An analysis by Renesys, which provides real-time monitoring of internet access, says that "every Egyptian provider, every business, bank, internet cafe, website, school, embassy and government office that relied on the big four Egyptian ISPs for their internet connectivity is now cut off from the rest of the world. Link Egypt, Vodafone/Raya, Telecom Egypt, Etisalat Misr, and all their customers and partners are, for the moment, off the air."

That has caused concern among observers who believe that internet access – which the Egyptian government limited earlier this week by cutting off social networks – is essential to ensure that government acts responsibly towards its citizens. Tim Bray, an engineer at Google, tweeted: "I feel that as soon as the world can't use the net to watch, awful things will start happening."" - Egypt cuts off internet access
Most of the major internet service providers in Egypt are offline following week-long protests


"Our new observation is that this was not an instantaneous event on the front end; each service provider approached the task of shutting down its part of the Egyptian Internet separately.

* Telecom Egypt (AS8452), the national incumbent, starts the process at 22:12:43.
* Raya joins in a minute later, at 22:13:26.
* Link Egypt (AS24863) begins taking themselves down 4 minutes later, at 22:17:10.
* Etisalat Misr (AS32992) goes two minutes later, at 22:19:02
* Internet Egypt (AS5536) goes six minutes later, at 22:25:10.

First impressions: this sequencing looks like people getting phone calls, one at a time, telling them to take themselves off the air. Not an automated system that takes all providers down at once; instead, the incumbent leads and other providers follow meekly one by one until Egypt is silenced."

Renesys - Egypt Leaves the Internet


"The cut-off happened just after midnight, local time, according to Internet monitoring firm Renesys, when the largest Internet Service Providers operating out of the country stopped providing the Border Gateway Protocol (BGP) routing information used to connect the rest of the world with computers in the Egypt."

"Similar widespread outages have been blamed on cuts to undersea fibre optic cables, but that doesn't seem to be what happened this time around, said Paul Ferguson, a researcher with security firm Trend Micro. An outage on a cable would not just effect Egypt, it would cut off all of sub-Saharan Africa." he said. "This is apparently a deliberate blackout.""

"But Egypt's Internet isolation is not complete. One service provider, Noor Data Networks, the provider used by the Egyptian Stock Exchange, is unaffected."
TechWorld - Egypt cut off from Internet as government cracks down on protest


  1. Thanks for this post, I was wondering how they did it.

  2. Is there a list of IP addresses that still work then?

  3. i am unaware of such a list. if i find one, i will pass it along.