In the last couple of weeks, the former Egyptian government was under siege by protesters organized via social media. Prior to Mubarek's dethronement, the Egyptian government was desperate enough to cripple access to the Internet within the country's borders. Some are mystified by how this was done, but I have a simple hypothesis to explain it.
Egypt has a state-owned communication backbone with very few legs to the Internet. DNS is centralized at the telco. Turn off DNS and the Internet apparently goes down. Network administrators the world over know how frustrating a DNS failure is. The general Internet using populace doesn't have a clue that a DNS outage is not a true Internet outage. The difference is such that there is no difference to the general user. They can't get to Internet based sites and services.
DNS (Domain Name Service) uses names to find publicly routed IP addresses. If you know these number addresses, you can crudely navigate the Internet without knowing or using the names. For example DNS will take "google.com" and use IP address 74.125.227.51 to get to one of Google's many search servers. Go ahead and copy the IP address above into your browser's address field.... you'll get the familiar search page.
The problem with a DNS outage is that no one can remember all of the IP addresses, links between sites rely upon DNS, and dynamically generated sites are also name dependent. So, even a tech-savvy web surfer will have limited success with browsing the Internet without DNS.
With the Internet so important to communication and commerce, how do you protect yourself from the simple yet destructive act of turning off DNS at the backbone; as Egypt apparently did for their populace? The easy answer is, get a VPN connection.
Those who had VPN's to localize their connection outside of Egypt's borders will not have experienced the outage.
Another answer is to attach by IP to a web proxy that browses by IP instead of domain name. I haven't seen such a proxy, but it seems trivial to make an adaption of Squid that will do so.
If Egypt can pull the Internet plug, can other countries do it also? The answer is, it depends.
In the US, the answer is "no" for several reasons. A majority of the the DNS backbone servers... the root servers that control it all... are in the US. Also, the major telecoms are not state-owned. Turning off DNS in the US would mean "turning off" the Internet for most of the world and losing billions in commerce. The US government would be incredibly stupid to do so.
The only nations that can "pull the plug" are those that match Egypt's infrastructure. State-owned with very few (or tightly-controlled) wire or fiber bundles that cross the borders. But don't bet on it, protect yourself. It's cheap and easy to get a VPN connection and fun. As always with services on the Internet, watch out for scammers when you go searching for your own VPN.
Happy browsing while you thumb your nose at your local dictator!
Egypt has a state-owned communication backbone with very few legs to the Internet. DNS is centralized at the telco. Turn off DNS and the Internet apparently goes down. Network administrators the world over know how frustrating a DNS failure is. The general Internet using populace doesn't have a clue that a DNS outage is not a true Internet outage. The difference is such that there is no difference to the general user. They can't get to Internet based sites and services.
DNS (Domain Name Service) uses names to find publicly routed IP addresses. If you know these number addresses, you can crudely navigate the Internet without knowing or using the names. For example DNS will take "google.com" and use IP address 74.125.227.51 to get to one of Google's many search servers. Go ahead and copy the IP address above into your browser's address field.... you'll get the familiar search page.
The problem with a DNS outage is that no one can remember all of the IP addresses, links between sites rely upon DNS, and dynamically generated sites are also name dependent. So, even a tech-savvy web surfer will have limited success with browsing the Internet without DNS.
With the Internet so important to communication and commerce, how do you protect yourself from the simple yet destructive act of turning off DNS at the backbone; as Egypt apparently did for their populace? The easy answer is, get a VPN connection.
Those who had VPN's to localize their connection outside of Egypt's borders will not have experienced the outage.
Another answer is to attach by IP to a web proxy that browses by IP instead of domain name. I haven't seen such a proxy, but it seems trivial to make an adaption of Squid that will do so.
If Egypt can pull the Internet plug, can other countries do it also? The answer is, it depends.
In the US, the answer is "no" for several reasons. A majority of the the DNS backbone servers... the root servers that control it all... are in the US. Also, the major telecoms are not state-owned. Turning off DNS in the US would mean "turning off" the Internet for most of the world and losing billions in commerce. The US government would be incredibly stupid to do so.
The only nations that can "pull the plug" are those that match Egypt's infrastructure. State-owned with very few (or tightly-controlled) wire or fiber bundles that cross the borders. But don't bet on it, protect yourself. It's cheap and easy to get a VPN connection and fun. As always with services on the Internet, watch out for scammers when you go searching for your own VPN.
Happy browsing while you thumb your nose at your local dictator!
No comments:
Post a Comment