russian prefixes

Christopher Morrow morrowc.lists at gmail.com
Fri Jul 30 21:32:39 UTC 2021


On Fri, Jul 30, 2021 at 3:21 PM Denys Fedoryshchenko <
nuclearcat at nuclearcat.com> wrote:

> On 2021-07-30 18:45, Christopher Morrow wrote:
> > On Fri, Jul 30, 2021 at 10:57 AM Christopher Morrow
> > <morrowc.lists at gmail.com> wrote:
> >
> >> On Thu, Jul 29, 2021 at 9:07 PM Denys Fedoryshchenko
> >> <nuclearcat at nuclearcat.com> wrote:
> >>
> >>> On 2021-07-29 20:46, Randy Bush wrote:
> >>>>> Looks like it did shown on news only.
> >>>>
> >>>> :)
> >>>>
> >>>> i wondered
> >>> They have installed devices called "TSPU" on major operators.
> >>> Isolation of specific networks is done without changing BGP
> >>> announcements, obviously.
> >>
> >> Denys, can you say anything about how these TSPU operate?
> >
> > Denys is, I'm sure, 'lmgtfy'ing me right now but:
> >
> >
> https://therecord.media/academics-russia-deployed-new-technology-to-throttle-twitters-traffic/
> >
> >
> https://en.wikipedia.org/wiki/Internet_censorship_in_Russia#Deep_packet_inspection
> >
> > seems to be the system/device in question.
> There is nothing magical or special in these devices, usual inline DPI
> with IDS / IPS functionality, installed between BRAS and CGNAT.
> Here is specs/description for one of them:
> https://www.rdp.ru/en/products/service-gateway-engine/
> They also sell them abroad. Anybody want to install? (Here must be an
> emoticon that laughs and weeps same time)
>
>
oh cool.. I wonder if anyone has done pentesting/etc against these
devices... because, you know.. putting inline DPI things seems:
  "perfectly safe, perfectly normal..."


> >
> >> I believe they at least swallow/stop TCP SYN packets toward some
> >> destinations
> >> (or across a link generally), but I'm curious as to what steps the
> >> devices take,
> >> to be able to judge impact seen as either: "broken gear" or "funky
> >> TPSU doing it's thing"
> They are fully inline, so they can do anything they want, without
> informing ISP.
> For example, make a network engineer lose the rest of his mind in search
> of a network fault,
> while it's "TSPU doing it's thing".
>
>
ok, interesting... I'm thinking this is what's currently causing me
problems :( but will
have to dig out a bit more proof before I can be sure.

thanks!
-chris


> >>
> >> thanks!
> >> -chris
> >>
> >>> And the drills do not mean at all "we will turn off the Internet
> >>> for all
> >>> the clients and see what happens", journalists trivialized it.
> >>> Most likely, they checked the autonomous functioning of specific
> >>> infrastructurally important networks connected to the Internet,
> >>> isolating only them.
> >>> It's not so bad idea in general, if someone find another
> >>> significant bug
> >>> in common software, to be able to isolate important networks from
> >>> the
> >>> internet at the click of a button and buy time for patching
> >>> systems.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210730/7826a96c/attachment.html>


More information about the NANOG mailing list