On Fri, Jul 30, 2021 at 3:21 PM Denys Fedoryshchenko <nuclear...@nuclearcat.com> wrote:

> On 2021-07-30 18:45, Christopher Morrow wrote:
> > On Fri, Jul 30, 2021 at 10:57 AM Christopher Morrow
> > <morrowc.li...@gmail.com> wrote:
> >
> >> On Thu, Jul 29, 2021 at 9:07 PM Denys Fedoryshchenko
> >> <nuclear...@nuclearcat.com> wrote:
> >>
> >>> On 2021-07-29 20:46, Randy Bush wrote:
> >>>>> Looks like it did shown on news only.
> >>>>
> >>>> :)
> >>>>
> >>>> i wondered
> >>> They have installed devices called "TSPU" on major operators.
> >>> Isolation of specific networks is done without changing BGP
> >>> announcements, obviously.
> >>
> >> Denys, can you say anything about how these TSPU operate?
> >
> > Denys is, I'm sure, 'lmgtfy'ing me right now but:
> >
> > https://therecord.media/academics-russia-deployed-new-technology-to-throttle-twitters-traffic/
> >
> > https://en.wikipedia.org/wiki/Internet_censorship_in_Russia#Deep_packet_inspection
> >
> > seems to be the system/device in question.
> There is nothing magical or special in these devices, usual inline DPI
> with IDS / IPS functionality, installed between BRAS and CGNAT.
> Here is specs/description for one of them:
> https://www.rdp.ru/en/products/service-gateway-engine/
> They also sell them abroad. Anybody want to install? (Here must be an
> emoticon that laughs and weeps at the same time)
>

oh cool.. I wonder if anyone has done pentesting/etc against these devices...
because, you know.. putting inline DPI things seems: "perfectly safe,
perfectly normal..."

> >
> >> I believe they at least swallow/stop TCP SYN packets toward some
> >> destinations
> >> (or across a link generally), but I'm curious as to what steps the
> >> devices take,
> >> to be able to judge impact seen as either: "broken gear" or "funky
> >> TSPU doing its thing"
> They are fully inline, so they can do anything they want, without
> informing ISP.
> For example, make a network engineer lose the rest of his mind in search
> of a network fault,
> while it's "TSPU doing its thing".
>

ok, interesting...
I'm thinking this is what's currently causing me problems :(
but will have to dig out a bit more proof before I can be sure.

thanks!
-chris

> >>
> >> thanks!
> >> -chris
> >>
> >>> And the drills do not mean at all "we will turn off the Internet
> >>> for all the clients and see what happens", journalists trivialized it.
> >>> Most likely, they checked the autonomous functioning of specific
> >>> infrastructurally important networks connected to the Internet,
> >>> isolating only them.
> >>> It's not such a bad idea in general, if someone finds another
> >>> significant bug in common software, to be able to isolate important
> >>> networks from the internet at the click of a button and buy time
> >>> for patching systems.
>