Gununsesi.org blocked in Azerbaijan

Starting the 8th of November 2019, we monitored a sudden drop of traffic coming from inside Azerbaijan from mobile operator Bakcell, AS197830 and other providers routed via Azertelecom AS196925.

Mobile traffic coming from the prefix 5.44.32.0/21 dropped suddenly

route:          5.44.32.0/21
descr:          Bakcell-Route-5.44.32.0/21
origin:         AS197830

As it is not the first time that authorities and (mobile) carriers blame technical problems or temporary infrastructure glitches, we conducted one week of testing so as to determine if this was a infrastructure problem or an intentional blocking of the website.

To verify the blocking we moved the website to another network location and customized some anti-blocking technical measurements for the https://www.gununsesi.org website.

One week after, starting the morning of the 6th of December, the problem re-appeared with similar blocking signatures that the previous events of November.

Signatures show blocking by means of “Deep Packet Inspection”

Non encrypted connections receive a “RESET” packet that tears down the connections. User receives the message “This site can’t be reached. The connection was reset.”

Encrypted connections timeout as the session is silently discarded and the user receives the error ERR_TIME_OUT

More networks affected

Although we conducted our study looking into traffic from Bakcell, we can also see the same type of blocking in mobile users coming from Nar Mobile, Azerfon

In order to determine the networks affected by the blocking, we reviewed all the peers of Azertelecom AS196925 and confirmed that at least these providers also drop the traffic.

 AS15815 INTRA Network Systems Ltd
 AS59523 CNC.AZ MMC
 AS197830 BAKCELL LLC
 AS200154 IZONE LLC
 AS39232 Uninet
 AS39280 Ultel LLC
 AS42779 Azerfon LLC

Conclusion

The collected forensic evidence makes us believe that the website https://www.gununsesi.org is currently blocked by means of Deep Packet Inspection and providers routed upstream by Azertelecom including mobile operators Bakcell and Nar (Azerfon) show similar signs of blocking.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.