The First Thing We Do, Let’s Kill All the Traffic

As Monotreme noted earlier today, Libya’s Internet connectivity went dark on Thursday.

It doesn’t seem that they turned off network traffic within the country, though. Rather, they simply used Internet Protocol (IP) filtering to prevent data originating from outside Libya from getting in.

Contrast this with Egypt’s approach of turning off the route broadcasts. With Egypt’s approach, no Internet traffic would enter the country. It’s as if nobody can remember how to get there, and all of the maps were burned. When the route broadcasts are turned off, zero traffic will enter, at least once the routers forget how to get traffic there, which takes a little time.

So why did Libya do it differently?

This is pure speculation on my part, but I suspect that Qadhafi’s people are still accessing the Internet. If they want to have good connectivity, but prevent everyone else from having the same, they can set up IP filtering to allow a small range of Internet addresses through. By doing this, they can set up proxies somewhere outside of Libya, allow traffic from the addresses of those proxies to enter Libya’s network, and thus access nearly anything on the Internet that they wish.

About Michael Weiss

Michael is now located at, along with Monotreme, filistro, and dcpetterson. Please make note of the new location.

5 Responses to The First Thing We Do, Let’s Kill All the Traffic

  1. Monotreme says:

    Thanks for the explanation, Michael. I know very little about such things and want to learn more.

    What effect does this have on traffic within Libya? Does it matter, since (for example) to post up a demonstration time and place on Facebook would presumably mean sending the data outside the country, and then it can’t get back in?

  2. Monotreme,
    Most Internet communications use TCP/IP, which requires bidirectional communication. If their IP filtering is stateful, then it can tell if the connection originated inside the country and is capable of then allowing that channel to send data in both directions. This is part of how most home Internet routers work to keep outsiders from infiltrating the home networks.

    But they can filter in both directions (which they probably are doing). In that case, it won’t allow outbound traffic (except, perhaps, to a proxy), and won’t allow inbound traffic (except, perhaps, from that proxy).
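
The two filtering behaviours described in the post and in the reply above, modelled as an added example (not part of the original post or comments). The address ranges, the `BorderFilter` class and the sample packets are constructed for illustration and say nothing about the actual Libyan configuration.

```python
import ipaddress

# Constructed values: private/documentation ranges stand in for real networks.
INSIDE = ipaddress.ip_network("10.0.0.0/8")        # hypothetical in-country space
PROXIES = ipaddress.ip_network("203.0.113.0/29")   # hypothetical allowed proxies

class BorderFilter:
    """Toy border filter; mode is 'stateful' or 'bidirectional'."""

    def __init__(self, mode):
        self.mode = mode
        self.flows = set()  # connections that were opened from the inside

    def allow(self, src, sport, dst, dport):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        outbound = src_ip in INSIDE
        if outbound and dst_ip in INSIDE:
            return True                      # never crosses the border
        remote = dst_ip if outbound else src_ip
        if remote in PROXIES:
            return True                      # allowlisted both ways
        if self.mode == "bidirectional":
            return False                     # everything else dropped both ways
        if outbound:                         # stateful: remember the flow
            self.flows.add((src, sport, dst, dport))
            return True
        # stateful inbound: pass only replies to a remembered flow
        return (dst, dport, src, sport) in self.flows

# Constructed sample traffic: (src, sport, dst, dport)
PACKETS = [
    ("10.1.2.3", 50000, "198.51.100.10", 443),   # user opens outside site
    ("198.51.100.10", 443, "10.1.2.3", 50000),   # reply to that connection
    ("198.51.100.77", 443, "10.1.2.3", 50001),   # unsolicited inbound
    ("10.9.9.9", 40000, "203.0.113.2", 8080),    # host connects to proxy
    ("203.0.113.2", 8080, "10.9.9.9", 40000),    # proxy reply
    ("10.1.2.3", 50002, "10.4.4.4", 25),         # in-country mail
]

def decide(mode):
    """Run the sample packets through a fresh filter; return pass/drop list."""
    f = BorderFilter(mode)
    return [f.allow(*p) for p in PACKETS]

if __name__ == "__main__":
    for mode in ("stateful", "bidirectional"):
        print(mode, decide(mode))
```

In stateful mode only the unsolicited inbound packet is dropped; in bidirectional mode only the proxy and in-country traffic survives.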

  3. shortchain says:

    Lacking a knowledge of what the infrastructure of Libyan and Egyptian networks may be, it’s hard to give a read on the reasons for these actions. You are very likely correct, Michael, but an alternative explanation is just what part of the network structure is under control of the government.

    In the case of Egypt, a sprawling, rather modern area in the north very likely has a rather chaotic and diverse collection of network connections, some of them under private control. As such, the Egyptian government’s methodology was forced, since they obviously controlled the top-level name servers.

    In the case of Libya, on the other hand, I suspect that there is a small set of connections which go outside the country, all of which go through routers under the control of the Libyan government. Hence, they could shut down the internet for almost everybody else and keep it open for themselves (with a little bit of help from some company or companies outside).

    So the answer is: they didn’t need to go nuclear because they had plenty of conventional weaponry.

  4. JC2 says:


    Everything Michael said is accurate. You seem very knowledgeable and resourceful so amplifying on Michael’s answers may not be needed, but maybe I can help others who may drop in on this thread. Michael, feel free to correct me if I should misspeak.

    First, I would add that a proxy is a relay server that can do some useful things like port translation, authentication and content filtering. Proxy servers were commonly used in businesses back when firewalls had five and even six digit price tags. Proxy servers fell in popularity as firewalls have become inexpensive and ubiquitous. Some firewalls have the ability to act as a proxy server in addition to other tasks they perform.

    It’s highly likely that the Libyan government is using proxy servers or some equivalent to access the internet for their own purposes.

    What effect does this have on traffic within Libya?

    I haven’t been able to learn what the reality is in Libya today, but taking the scenario Michael paints above, intra-country traffic could potentially be unaffected so, for instance, businesses could send and receive emails from each other and their web sites may be available though heavily censored.

    Does it matter, since (for example) to post up a demonstration time and place on Facebook would presumably mean sending the data outside the country, and then it can’t get back in?

    This is the case for Facebook, except Libyans aren’t able to connect to Facebook to send the data out, let alone get any back in.

    It is the same for Google and other internet services. Google likes to put servers within ISPs for logistical purposes but Libya has just one ISP and that is the government. If the Libyan government never allowed a Google server in country, then one cannot institute a Google search because search terms cannot be transmitted to Google’s servers. Even if there are one or more Google servers within Libya, they most likely cannot refresh with new (external) information and so any searches would return only “stale” (and aging) results.

    It is most likely the same situation for smart cell phones as both cell phone companies in Libya are state owned.

  5. JC2 says:

    Just found this on TechCrunch:

    Sorry for the typos and overuse of bolding in my previous reply. It has been years since I did html by hand and I must have missed the “r” in one of my newline tags.
