#BlueCoat spotted in #Syria once again

This is a translation in English by Syria News / Hacktivist (Thanks) available here of our initial paper in french.

La mort, en bourse, c'est lucratif
La mort, en bourse, c’est lucratif

We were naively thinking that the US State Department (FR) had managed to decrease Blue Coat’s commercial zeal (FR). But what does a 2.8 million dollars fine represent for a company like Computerlink ? We now have the answer: nothing. We can already expect answers such as “it is not our fault” or “we could not know”. It however makes no doubt that they knew it, as this has already been explained and demonstrated. As usual, we are thus now waiting patiently for a Blue Coat denial quickly followed by a confession. Let’s however address right now the possible “we could not know” answer they could give.

Today, a message on IRC attracted our attention over a Pastebin page. This page shows the presence of not less than 34 Blue Coat appliances, which is way more than the number BlueCoat initially confessed for, pretending they could not know how they arrived there.

Blue Coat knows exactly the number of active appliances on the Syrian soil, because their devices contact the firm’s servers as soon as there is a software or filtering list update. Hence, the firm must have seen not less than 34 connections from Syrian IP addresses in their update servers’ logs. And we already know how these devices are used by Syrian ISP, all being under regime’s control.

Recent internet shutdowns in Syria motivated some people in scanning Syrian Telecommunications Establishment’s (AS29386) network as well as MTN’s (AS52209) network, which is peered only with STE.

Capture d’écran 2013-05-22 à 22.00.28

inetnum: 82.137.217.0 - 82.137.217.255
netname: MTN
descr: MTN Corporate
country: SY
admin-c: FET2-RIPE
tech-c: FET2-RIPE
status: ASSIGNED PA
mnt-by: STEMNT-1
mnt-routes: STEMNT-1
source: RIPE # Filtere

Bingo : 34 appliances, including a Packet Shaper Firewall in the “3500″ product range which can be accessed here. The other appliances are shared on two different ranges: 188.160.1.0/24 (MTN) and 82.137.217.0/24 (STE). The packet shaper is on a different range, at address 91.144.8.243:

inetnum: 91.144.8.0 - 91.144.8.255
netname: SY-ISP-INET
descr: INET Internet Service Provider
country: SY
admin-c: BF1657-RIPE
tech-c: HA1563-RIPE
status: ASSIGNED PA
mnt-by: STEMNT-1
source: RIPE # Filtered

And now, the IP addresses of the BlueCoat equipment on the MTN network:

Nmap scan report for 188.160.1.52
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.54
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.60
Host is up (0.15s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.62
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.161
Host is up (0.15s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.162
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.163
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.164
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.165
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.166
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.167
Host is up (0.15s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.168
Host is up (0.15s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.169
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.170
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.172
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.173
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.174
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.175
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.184
Host is up (0.15s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.185
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.186
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.187
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.188
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.189
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 188.160.1.190
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for inet-ip-243.inet.sy (91.144.8.243)
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http-proxy thttpd (Blue Coat PacketShaper 3500 firewall)
--
Nmap scan report for 82.137.217.16
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 82.137.217.17
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 82.137.217.18
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 82.137.217.19
Host is up (0.15s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 82.137.217.20
Host is up (0.15s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 82.137.217.21
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 82.137.217.22
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
--
Nmap scan report for 82.137.217.23
Host is up (0.17s latency).
PORT STATE SERVICE VERSION
80/tcp open http Blue Coat proxy server
Twitter Facebook Google Plus email

1 thought on “#BlueCoat spotted in #Syria once again”

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *