to take over the internet functions
Since each router/node is independent, the
mesh can cross political boundaries.
We think of the Internet as universal. We think of it in terms of a utility like electricity or water. It’s none of those things. In some countries, like the U.S., it would be very hard to ‘turn off’ the Internet. In places like Egypt, though, with a limited number of Internet backbones and a handful of Domain Name Service (DNS) servers, it’s easy. Here’s how it appears the Egyptian government turned their country’s Internet off.
First, here are some bare basics on how the Internet works. Every time you go to a Web site, you use its domain name such as Yahoo, ZDNet, etc. to find it. That’s not what the Internet’s software uses though to hook you up to a Web site. Instead, your network connection uses address resolver software to look up the site’s IP (Internet Protocol) address at a DNS server from the natural language address you’ve given it work work with. DNS is the Internet master address list. With it, instead of writing out an Internet IPv4 address like “http://209.85.135.99/,” one of Google’s many addresses, you can simply type in “http://www.google.com” and you’ll be you on your way. But, DNS can only work if it has the right address information in it.
One of the things that Egypt has done to block out the Internet is remove access to its DNS servers. As Mark Hoffman of the Internet Storm Center, which monitors malicious activity on the Internet, explained, “From an IT security perspective how do you shut down a country? From what I can see for us external to the country access to the DNS servers is removed.”
Hoffman used the Unix/Linux dnstracer command, which determines where a given DNS server gets its information from, and then follows the chain of DNS servers back to where they got their address information from. He found, as I did too when I tried, that you can only follow the Egyptian sites addresses so far and then the full address resolution process breaks down.
You can see this in Hoffman’s attempt to get the address for the Egyptian government site: www.eeaa.gov.eg
|___ FRCU.EUN.eg [gov.eg] (193.227.1.1) * * *
|___ RIP.PSG.COM [gov.eg] (147.28.0.39)
| |___ NS2.TEDATA.NET [eeaa.gov.eg] (No IP address)
| ___ NS1.TEDATA.NET [eeaa.gov.eg] (No IP address)
I used another tool for the www.idsc.gov.eg and found that its name servers:
frcu.eun.eg returned (SERVFAIL)
ns.idsc.gov.eg returned (SERVFAIL)
were also failing,
In short, you can’t currently get the Internet IP addresses for most Egyptian Web sites. In Egypt, the reverse is true. They can’t get to the right Internet addresses of the world’s Web sites.
There are ways to get around that kind of DNS trouble though. For example, all the Egyptian government’s Web sites are under the Internet’s IPv4 address range: 81.21.104.0/24. So, you might think you could get to an Egyptian government Web site using an address such as 81.21.104.1. No, that won’t work either. Here’s why.
