canman57
7 January 2009, 22:58
I don't know if this belongs in here or in the Terrorism section. If this isn't in keeping with the theme of this site, or if you just don't want it on here, let me know and I will delete it.
The original link is found at: http://asert.arbornetworks.com/2009/01/the-effects-of-war-gaza-and-israel/
The Effects of War: Gaza and Israel
by Jose Nazario
The ongoing Israeli-Gaza crisis has had an effect, it seems, on Internet activity. Our monitors have been crunching all sorts of data, some of it related to Israel and the conflict in Gaza. Many reports are out and have analyzed a wave of website defacements around this conflict, so we won't cover those here.
We were motivated by a couple of things, the first being a series of reports about the disruptions on power and telecommunications by the Israeli bombing campaign, specifically these two articles: Gaza telecommunication systems offline from Turkish Weekly, and Gaza close to losing phone contact via the Press Association. With this in mind, I went ahead and looked at the reachability of IP prefixes assigned to the Palestinian Territories. What I did was enumerate all of the prefixes, then generate a random IP address in the prefix and traceroute to it. If I could reach the IP prefix network, the node is marked in blue in the graphic below. If not, it ends in a “*”, the all-too-familiar “hop missing” marker that we see in traceroute.
[Image: ps_traceroute_reachability.png]
The routers that can’t find their next hop on the way to the Palestinian Territories are listed here, together with their ASN and network name, and country code:
1239 | 144.232.13.64 | US | SPRINTLINK - Sprint
8551 | 192.117.239.146 | | BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone
1680 | 212.143.12.104 | IL | NetVision Ltd.
1680 | 212.143.12.4 | IL | NetVision Ltd.
8584 | 212.150.38.22 | IL | BARAK Netvision 013 Barak - Barak Network
8584 | 212.150.42.18 | IL | BARAK Netvision 013 Barak - Barak Network
1680 | 212.235.97.197 | IL | NetVision Ltd.
20965 | 62.40.124.242 | EU | GEANT The GEANT IP Service
3549 | 64.210.14.94 | US | GBLX Global Crossing Ltd.
15975 | 82.102.199.51 | PS | Palnet Communications Ltd. AS Number
12975 | 82.213.1.106 | PS | PALTEL-AS PALTEL Autonomous System
47253 | 93.184.0.138 | PS | BNET-AS Bnet AS Number
You can see that some of them are right there, either in Israel or the Palestinian Territories (PS), but a couple are far away, in Europe or the US. Note that I don’t know which prefixes end up in Gaza and which in the West Bank, nor do I know how stable the prefixes are. This is just a snapshot at this point in time from a network using Sprint as an upstream.
Note that this isn’t BGP analysis, just traceroute analysis. Danny tells me he didn’t see massive BGP disruptions for the PS prefixes we analyzed (the same ones from the above traceroute study).
As for DDoS activity, we’re seeing no major upticks in measured traffic to IL or PS prefixes and ASNs, but we are seeing a couple of botnets pound away on IL targets: the botnet C&C at h278666y.net is commanding its members to ICMP flood this host:
ns1.undaground.co.il A 212.199.206.200
ns3.metahost.co.il A 212.199.206.200
And the C&C at ddosmanager.org commanded its members to strike this host a few days ago:
poptraf.net A 212.150.34.56
poptraf.net NS ns1.nameself.com
poptraf.net NS ns2.nameself.com
Finally, we have been told about a website, “Help Israel Win”, that is using DDoS and a simple-to-use Windows tool to target PS and related websites. Users can download and “join the cause”, just like we’ve seen elsewhere (RU-GE, RU-EE, CN-CNN, etc).
[Image: HelpIsraelWinSite.png]
Cyberwar enters yet another event, but so far there are no new major twists on the theme yet.
Related:
* Israel/Hamas battle goes Web 2.0 from ArsTechnica
* Israeli news site down, blames cyber attack, on C|Net; also see Cyber Attacks Coincide with Israel’s Attack on Gaza from Never Yet Melted.
* Muslim hackers attack Israeli websites as Gaza strikes continue, from SC Magazine
* More Attacks on Israeli Websites via the blog Politically Motivated Computer Crime and Hacktivism
* On Cyber War from the MCW Research blog discussing these attacks and if they rise to the level of warfare
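The reachability method the article describes (pick a random address in each prefix, traceroute to it, and note where the path stops answering) can be reproduced offline. The sketch below is an added example, not code from the article or from Arbor Networks; the function names, the documentation-range prefixes and the traceroute text are constructed, and it assumes numeric `traceroute -n` style output.

```python
import ipaddress
import random
import re
from collections import Counter

HOP_RE = re.compile(r"^\s*\d+\s+(.*)$")             # "<ttl>  <replies...>"
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")  # dotted quad in a reply

TRACES = {  # constructed sample: documentation prefixes, invented output
    "198.51.100.0/24": """traceroute to 198.51.100.77, 30 hops max
 1  192.0.2.1  0.412 ms  0.398 ms  0.377 ms
 2  198.51.100.1  41.550 ms  41.498 ms  41.470 ms
""",
    "203.0.113.0/24": """traceroute to 203.0.113.140, 30 hops max
 1  192.0.2.1  0.405 ms  0.391 ms  0.380 ms
 2  * * *
""",
}

def random_target(prefix, rng=random):
    """Pick one random address inside the prefix to use as the probe target."""
    net = ipaddress.ip_network(prefix)
    return net[rng.randrange(net.num_addresses)]

def last_responding_hop(trace_text):
    """Return (ip_of_last_hop_that_answered, path_ended_in_star)."""
    last_ip, ended_in_star = None, False
    for line in trace_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # header line, not a hop
        ips = IP_RE.findall(m.group(1))
        if ips:
            last_ip, ended_in_star = ips[-1], False
        else:
            ended_in_star = True          # "* * *": no reply at this TTL
    return last_ip, ended_in_star

def classify(prefix, trace_text):
    """A prefix counts as reached when the last answering hop lies inside it."""
    last_ip, star = last_responding_hop(trace_text)
    reached = bool(last_ip) and ipaddress.ip_address(last_ip) in ipaddress.ip_network(prefix)
    return {"prefix": prefix, "reached": reached, "last_hop": last_ip, "star": star}

def dead_ends(results):
    """Tally the routers after which unreached paths went silent."""
    return Counter(r["last_hop"] for r in results if not r["reached"])

RESULTS = [classify(p, t) for p, t in TRACES.items()]
```

The tally from `dead_ends` corresponds to the article's list of routers that could not find a next hop; as the article notes, this is traceroute analysis from one vantage point, not BGP analysis.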