Network shutdown, all around Kazakhstan

Internet censorship all around the world Kazakhstan
20

I did some port scans. It looks like some other ports to try are 179, 646, 3784, 3785, 4784, 5060.

First I did a scan to see if any hosts in the /24 neighborhood of gov.kz were reachable on port 3785. Only one of them was, 195.12.114.89 (whois), which is part of “National Information Technologies Joint-Stock Company”:

# nmap -PS3785 -sn -n gov.kz/24
Nmap scan report for 195.12.114.89
Host is up (0.21s latency).
Nmap done: 256 IP addresses (1 host up) scanned in 15.57 seconds

Then, I scanned all the ports on that host. 6 ports were responsive, including 3785:

# nmap -n -PS3785 -p- --reason 195.12.114.89
Nmap scan report for 195.12.114.89
Host is up, received reset ttl 236 (0.21s latency).
Not shown: 65529 filtered ports
Reason: 65529 no-responses
PORT     STATE  SERVICE       REASON
179/tcp  closed bgp           reset ttl 233
646/tcp  closed ldp           reset ttl 236
3784/tcp closed bfd-control   reset ttl 234
3785/tcp closed bfd-echo      reset ttl 234
4784/tcp closed bfd-multi-ctl reset ttl 233
5060/tcp open   sip           syn-ack ttl 50

Nmap done: 1 IP address (1 host up) scanned in 344.21 seconds

A port scan could also be a way to discover what foreign ports are accessible from inside Kazakhstan. You need to target a host that responds to every port (with either a SYN/ACK or a RST), like scanme.nmap.org. Any port that has reason syn-ack or rst is making it through the shutdown. Any port that has no-response is blocked by the shutdown.

# nmap -v -n -Pn -p- -T4 --reason scanme.nmap.org
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up, received user-set (0.23s latency).
Not shown: 65531 closed ports
Reason: 65531 resets
PORT      STATE SERVICE    REASON
22/tcp    open  ssh        syn-ack ttl 55
80/tcp    open  http       syn-ack ttl 55
9929/tcp  open  nping-echo syn-ack ttl 56
31337/tcp open  Elite      syn-ack ttl 56

Nmap done: 1 IP address (1 host up) scanned in 108.98 seconds

# nmap -v -n -Pn -p- -T4 --reason -6 scanme.nmap.org
Nmap scan report for scanme.nmap.org (2600:3c01::f03c:91ff:fe18:bb2f)
Host is up, received user-set (0.23s latency).
Not shown: 65532 closed ports
Reason: 65532 resets
PORT      STATE SERVICE REASON
22/tcp    open  ssh     syn-ack ttl 55
80/tcp    open  http    syn-ack ttl 56
31337/tcp open  Elite   syn-ack ttl 56

Nmap done: 1 IP address (1 host up) scanned in 146.68 seconds