On Sat, Dec 21, 2019 at 11:53 PM Scott Weeks <surfer@mauigateway.com> wrote:

--- morrowc.lists@gmail.com wrote: From: Christopher Morrow <morrowc.lists@gmail.com>

I do think the overall conversation about nation states disabling internet (which is not likely the case with Sean's original post?) is nanog-worthy. --------------------------------------

Yes, I believe you're correct for the most part. I just was more interested in the technical parts and there is a global audience here that may have insight as to how that part of the network is working. I can easily see how that would get out of control. But, how are they configuring their network elements to block is my question. (DPI? BGP? etc.)

ah! ok... I imagine there are a few knobs for each sort of thing that can get turned. I think we've seen over the years at least: 1) turkey blocking access to 8.8.8.8 (looked like mostly done with static /32's?) 2) egypt turning off internet for the country (prior to overthrow? - I believe 'phone calls to providers' was renesys's conclusion) https://dyn.com/blog/egypt-leaves-the-internet/ this article points at tunisia and iran as well. 3) pktelecom bgp routery making youtube less cat and more pain. https://dyn.com › blog › pakistan-hijacks-youtube-1 4) prc firewall - forms of mostly DPI packet skullduggery blocking random http (really tcp traffic), specific DNS RRs, disrupting/blocking various VPN technologies I'd say it probably depends a bunch on whom is doing the poking, for how long they plan to make this work/not-work and the tools they have immediately available :( Figuring more of this out seems like a good plan though... I'm not sure trying to actively subvert any of these nation state actions is particularly smart/healthy though :( (note: i don't think YOU/scott are looking for this last part, but generally speaking... it seems like folk put themselves in a bad place if/when they attempt to get around a nationstate's actions, particularly from inside that nationstate) -chris