On Fri, Jul 30, 2021 at 3:21 PM Denys Fedoryshchenko < nuclearcat@nuclearcat.com> wrote:
On 2021-07-30 18:45, Christopher Morrow wrote:
On Fri, Jul 30, 2021 at 10:57 AM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Thu, Jul 29, 2021 at 9:07 PM Denys Fedoryshchenko <nuclearcat@nuclearcat.com> wrote:
On 2021-07-29 20:46, Randy Bush wrote:
Looks like it did shown on news only.
:)
i wondered They have installed devices called "TSPU" on major operators. Isolation of specific networks is done without changing BGP announcements, obviously.
Denys, can you say anything about how these TSPU operate?
Denys is, I'm sure, 'lmgtfy'ing me right now but:
https://therecord.media/academics-russia-deployed-new-technology-to-throttle...
https://en.wikipedia.org/wiki/Internet_censorship_in_Russia#Deep_packet_insp...
seems to be the system/device in question.
There is nothing magical or special in these devices, usual inline DPI with IDS / IPS functionality, installed between BRAS and CGNAT. Here is specs/description for one of them: https://www.rdp.ru/en/products/service-gateway-engine/ They also sell them abroad. Anybody want to install? (Here must be an emoticon that laughs and weeps same time)
oh cool.. I wonder if anyone has done pentesting/etc against these devices... because, you know.. putting inline DPI things seems: "perfectly safe, perfectly normal..."
I believe they at least swallow/stop TCP SYN packets toward some destinations (or across a link generally), but I'm curious as to what steps the devices take, to be able to judge impact seen as either: "broken gear" or "funky TPSU doing it's thing"
They are fully inline, so they can do anything they want, without informing ISP. For example, make a network engineer lose the rest of his mind in search of a network fault, while it's "TSPU doing it's thing".
ok, interesting... I'm thinking this is what's currently causing me problems :( but will have to dig out a bit more proof before I can be sure. thanks! -chris
thanks! -chris
And the drills do not mean at all "we will turn off the Internet for all the clients and see what happens", journalists trivialized it. Most likely, they checked the autonomous functioning of specific infrastructurally important networks connected to the Internet, isolating only them. It's not so bad idea in general, if someone find another significant bug in common software, to be able to isolate important networks from the internet at the click of a button and buy time for patching systems.