Starting the Friday, 23rd of August 2013 a large number of connections to https://www.colombotelegraph.com were failing. Readers of the website started to report that the site was not available inside of Sri Lanka from some Internet providers.

Colombo Telegraph is strictly a public interest website relating to Sri Lankan matters and is run completely voluntarily by a group of exiled journalists. The site gives space to a wide range of political views and censored/ underreported stories. Colombo Telegraph has the honour of being first and only Sri Lankan site to be approved for inclusion in ‘Guardian Select‘. It was checked and approved for Guardian Select membership by Guardian editorial. Guardian Select bring together the very best independent publishers from across the web.

History of Colombo Telegraph blocking

First -December 26, 2011 – We are blocked but we will not be stopped

Second – May 8, 2012 –Colombo Telegraph Blocked Again

Third – March 29, 2013  – Sri Lanka Blocks Colombo Telegraph and Selected Tweets: Colombo Telegraph Unblocked

Other attempts 

October 26, 2012 – Colombo Telegraph Was Hacked

August 9, 2012 ColomboTelegraph Password Cracking Attempt Blocked

Freedom House Report: Freedom On The Net 2012, Sri Lanka Is A Country At Risk

As the server has been blocked in the past, it was reasonable to believe that blocking was taking place again. In order to verify the cause of the problem we checked 500 different connections inside of Sri Lanka to see from where such blocking was taking place.

Who is blocking the site?

From our analysis we can see that connections from AS45356 and AS9329 are currently blocked. The providers are MOBITEL-LK and STINT-AS-AP

Other providers as AS18001/DIALOG showed signs of blocking the 24th of August but is currently open. The provider AS8966/ETISALAT has never show signs of filtering.

Image: Increase of failed connections from Friday 23rd August 2013 (orange)

How is blocking taking place?

The current blocking implemented in Mobitel and Sri Lanka Telecom consists in reseting the connections of the readers. As shown in the picture  RST packets (red) are send back to the client when a connection to www.colombotelegraph.com is requested

We could verify that if requests to the site do not contain the HTTP header

Host: www.colombotelegraph.com

such requests do not get blocked. We could also verify that if we connect to any other server in the Internet and we send the same header a RST packet is received.

But if we send a request to the site using the IP address instead of the site’s name we could bypass the blocking.

A request with the content

GET /index.php HTTP/1.1

Host: 62.102.150.145

Connection: keep-alive

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Gives a proper response

HTTP/1.1 301 Moved Permanently

Date: Tue, 27 Aug 2013 17:56:45 GMT

Server: Apache

X-Pingback: https://www.colombotelegraph.com/xmlrpc.php

Location: http://62.102.150.145/index.php/

Content-Type: text/html; charset=UTF-8

After examining the network traffic and our logs we can conclude without any doubt that active interference is talking place in at least two large providers Mobitel and Sri Lanka Telecom.

How to reach the site?

As a quick measure to bypass such filtering we have enforce secure connections to the website, we advise to all readers to reach the site using HTTPS.

https://www.colombotelegraph.com

*DPI club – Deep Packet Inspection (and filtering) enables advanced network management to implement internet censorship. See http://en.wikipedia.org/wiki/Deep_packet_inspection