nuclearcat at nuclearcat.com
Fri Jul 30 19:20:58 UTC 2021
On 2021-07-30 18:45, Christopher Morrow wrote:
> On Fri, Jul 30, 2021 at 10:57 AM Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
>> On Thu, Jul 29, 2021 at 9:07 PM Denys Fedoryshchenko
>> <nuclearcat at nuclearcat.com> wrote:
>>> On 2021-07-29 20:46, Randy Bush wrote:
>>>>> Looks like it did shown on news only.
>>>> i wondered
>>> They have installed devices called "TSPU" on major operators.
>>> Isolation of specific networks is done without changing BGP
>>> announcements, obviously.
>> Denys, can you say anything about how these TSPU operate?
> Denys is, I'm sure, 'lmgtfy'ing me right now but:
> seems to be the system/device in question.
There is nothing magical or special in these devices, usual inline DPI
with IDS / IPS functionality, installed between BRAS and CGNAT.
Here is specs/description for one of them:
They also sell them abroad. Anybody want to install? (Here must be an
emoticon that laughs and weeps same time)
>> I believe they at least swallow/stop TCP SYN packets toward some
>> (or across a link generally), but I'm curious as to what steps the
>> devices take,
>> to be able to judge impact seen as either: "broken gear" or "funky
>> TPSU doing it's thing"
They are fully inline, so they can do anything they want, without
For example, make a network engineer lose the rest of his mind in search
of a network fault,
while it's "TSPU doing it's thing".
>>> And the drills do not mean at all "we will turn off the Internet
>>> for all
>>> the clients and see what happens", journalists trivialized it.
>>> Most likely, they checked the autonomous functioning of specific
>>> infrastructurally important networks connected to the Internet,
>>> isolating only them.
>>> It's not so bad idea in general, if someone find another
>>> significant bug
>>> in common software, to be able to isolate important networks from
>>> internet at the click of a button and buy time for patching
More information about the NANOG