nanog mailing list archives
Re: russian prefixes
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Fri, 30 Jul 2021 17:32:39 -0400
On Fri, Jul 30, 2021 at 3:21 PM Denys Fedoryshchenko <nuclearcat () nuclearcat com> wrote:
On 2021-07-30 18:45, Christopher Morrow wrote:
On Fri, Jul 30, 2021 at 10:57 AM Christopher Morrow <morrowc.lists () gmail com> wrote:
On Thu, Jul 29, 2021 at 9:07 PM Denys Fedoryshchenko <nuclearcat () nuclearcat com> wrote:
On 2021-07-29 20:46, Randy Bush wrote:
Looks like it was shown on news only.
:) i wondered
They have installed devices called "TSPU" on major operators. Isolation of specific networks is done without changing BGP announcements, obviously.
Denys, can you say anything about how these TSPU operate?
Denys is, I'm sure, 'lmgtfy'ing me right now but:
https://therecord.media/academics-russia-deployed-new-technology-to-throttle-twitters-traffic/
https://en.wikipedia.org/wiki/Internet_censorship_in_Russia#Deep_packet_inspection
seems to be the system/device in question.
There is nothing magical or special in these devices, usual inline DPI with IDS / IPS functionality, installed between BRAS and CGNAT. Here are specs/description for one of them: https://www.rdp.ru/en/products/service-gateway-engine/ They also sell them abroad. Anybody want to install? (Here must be an emoticon that laughs and weeps at the same time)
oh cool.. I wonder if anyone has done pentesting/etc against these devices... because, you know.. putting inline DPI things seems: "perfectly safe, perfectly normal..."
I believe they at least swallow/stop TCP SYN packets toward some destinations (or across a link generally), but I'm curious as to what steps the devices take, to be able to judge impact seen as either: "broken gear" or "funky TSPU doing its thing"
They are fully inline, so they can do anything they want, without informing ISP. For example, make a network engineer lose the rest of his mind in search of a network fault, while it's "TSPU doing its thing".
ok, interesting... I'm thinking this is what's currently causing me problems :( but will have to dig out a bit more proof before I can be sure. thanks! -chris
thanks! -chris
And the drills do not mean at all "we will turn off the Internet for all the clients and see what happens", journalists trivialized it. Most likely, they checked the autonomous functioning of specific infrastructurally important networks connected to the Internet, isolating only them. It's not such a bad idea in general, if someone finds another significant bug in common software, to be able to isolate important networks from the internet at the click of a button and buy time for patching systems.