Network Monitor

Network Monitor – September 2020

A number of disruptions to specific services this month, including Google IP addresses being 'hijacked' by the TIC, as well as disruptions to WhatsApp services.

A significant disruption incident took place in September when, on September 19, Google IP addresses were hijacked by the Telecommunication Infrastructure Company (TIC). An Iranian official claimed that this disruption was the result of a misconfiguration, and that it was not intentional. In July 2018 the Telecommunications Company of Iran (TCI) caused a similar disruption when it hijacked Telegram’s IP addresses. 

The second important event related to disruption on WhatsApp Desktop and Web on September 20. A source close to the Telecommunication Infrastructure Company told Filterwatch that they did not impose any disruptions on these applications (a claim that can not be independently confirmed or dismissed). Based on Filterwatch investigation there was about 10 to 15 percent packet loss on mmh.whatsapp.net at ISP level.

September 14-15 – Tehran’s ‘Smart City’ organisation experiences disruptions

The Tehran Municipality ICT Organization – the organisation in charge of implementing ‘smart city’ initiatives in Tehran – experienced disruption and almost went offline from 12:00 on September 14 until 14:00 on September 15. This organization experienced a further disruption at 10:00 on September 20. 

Neither the Tehran Municipality ICT Organization nor the ICT Ministry commented  on this incident, and the cause of the disruption is unclear.

September 17 – Multiple ISPs experience disruptions

According to ArvanCloud’s Radar, Irancell, Raspina, Afranet, AsiaTech in Tabriz and Shiraz, and MCI experienced difficulties accessing the Internet. No Iranian officials provided any explanation for this disruption. 

September 18 – Hosting company goes offline for two days

AS208555 Dade Pardazi Mobinhost Co Ltd which is a hosting company, went offline from 00:00 on September 19 until very early in the morning of September 21. No explanation was provided by either the company, or Iranian officials. This hosting company also went offline on September 18 around 14:00 as well as briefly on September 22 at around 18:00.

September 19 – TIC hijacks Google IP addresses

According to Project Ainita – a non-profit project to support anonymity, security and online freedom – the Telecommunications Infrastructure Company hijacked a number of Google IP address ranges.

A number of Google IP addresses were being hijacked by the TIC, according to Project Ainita

 

The Vice Chairman of the Board of Directors of the Telecommunication Infrastructure Company denied hijacking these IP addresses in an interview with the tech news platform Peivast:. “It is true that a misconfiguration has occurred on the network, and our technical team should investigate to prevent this from happening again.”

On July 30 2018 the Telecommunications Company of Iran (TCI) hijacked Telegram addresses in a similar fashion. 

On the same day, the telecommunications company TSTonline.com  was largely disconnected from the internet for roughly an hour.

 

September 20 – WhatsApp business accounts disrupted

Since September 9, Filterwatch observed disruptions on one WhatsApp address in Iran. However, no officials  reacted to this disruption, as it solely affected WhatsApp business accounts, which are impossible to access inside Iran owing to foreign sanctions.

On September 20, Filterwatch also observed that mmh.whatsapp.net was also disrupted inside Iran, mainly in the regions of Tehran and Hamedan.

This disruption affected those who were using the desktop or web version of WhatsApp, with users stating that they were unable to send or receive files. A source close to the Telecommunication Infrastructure Company told Filterwatch that they did not impose any disruptions to the application. Based on Filterwatch’s investigation, there was a packet loss of about 10-15 percent on mmh.whatsapp.net at the ISP level.

September 22 – Instagram experiences disruptions on MCI and Irancell

According to Radar, Instagram was not accessible from Iran, largely on major mobile internet providers such as MCI and Irancell.

September 25-26 – Traceroute disruptions detected

According to OIM, on September 25 and 26 Iran experienced traceroute disruptions lasting approximately three hours. ‘Traceroute’ commands are computer network diagnostic commands for displaying possible routes, and measuring the transit delays of packets across an Internet Protocol network.

In addition, ArvanCloud’s Radar also showed many disruptions on Google, Instagram and other services. ArvanCloud’s Radar measures network based on traceroute and the cURL command tool, used to transfer data to or from a server using any of the supported protocols.

As a result of this traceroute disruption, the ISP Afranet (AS25184) experienced a brief service interruption at 18:00.

About the author

Amir Rashidi

Amir Rashidi

Filterwatch