--- morrowc.lists@gmail.com wrote: From: Christopher Morrow <morrowc.lists@gmail.com> On Sat, Dec 21, 2019 at 11:53 PM Scott Weeks <surfer@mauigateway.com> wrote:

--- morrowc.lists@gmail.com wrote: From: Christopher Morrow <morrowc.lists@gmail.com>

I do think the overall conversation about nation states disabling internet (which is not likely the case with Sean's original post?) is nanog-worthy. --------------------------------------

Yes, I believe you're correct for the most part. I just was more interested in the technical parts and there is a global audience here that may have insight as to how that part of the network is working. I can easily see how that would get out of control. But, how are they configuring their network elements to block is my question. (DPI? BGP? etc.)

ah! ok... I imagine there are a few knobs for each sort of thing that can get turned. I think we've seen over the years at least: 1) turkey blocking access to 8.8.8.8 (looked like mostly done with static /32's?) 2) egypt turning off internet for the country (prior to overthrow? - I believe 'phone calls to providers' was renesys's conclusion) https://dyn.com/blog/egypt-leaves-the-internet/ this article points at tunisia and iran as well. 3) pktelecom bgp routery making youtube less cat and more pain. https://dyn.com › blog › pakistan-hijacks-youtube-1 4) prc firewall - forms of mostly DPI packet skullduggery blocking random http (really tcp traffic), specific DNS RRs, disrupting/blocking various VPN technologies I'd say it probably depends a bunch on whom is doing the poking, for how long they plan to make this work/not-work and the tools they have immediately available :( Figuring more of this out seems like a good plan though... I'm not sure trying to actively subvert any of these nation state actions is particularly smart/healthy though :( (note: i don't think YOU/scott are looking for this last part, but generally speaking... it seems like folk put themselves in a bad place if/when they attempt to get around a nationstate's actions, particularly from inside that nationstate) ------------------------------------------------------- Thanks, I have left this on the list for now. I can go off list if necessary. That's good information. Does Dyn put this out regularly or just for certain events? I knew about 1-3, but how do folks find out about 4? :: Figuring more of this out seems like a good plan though... What I would like to find out is something like "the XXXcountry part of the network is unreachable via BGP/DNS/at all (firewall drops)" or something like that. It would be interesting to see how the different blocks are technically implemented and how that changes over time. And, no, I'm not looking to subvert those things. I live in the US where they do everything sneakily (ATT closet in SF still going?) but I wonder why microwave over the border or satellite isn't used. Then ad-hoc jumped through the country. I guess the getting killed or jailed if you get caught thing is why? I dunno, it is just an interesting thing to me. scott