says "Russia disconnected itself from the rest of the internet, a test
of its new defense from cyber warfare, report says"
did this show up in bgp? e.g. rv/ris?
randy
Would that even be effective? Surely a state sponsored cyber warfare attack can use any domestic internet connection within Russia to continue the attacks.
it is weird that no dyn/kentik/oracle/etc article appeared for the event, right?
like… did they not pull routes, they just prevented access in some other manner?
Looks like it did shown on news only.
i wondered
Russia Cuts Self Off From Global Internet, Tests Defenses: RBC
says "Russia disconnected itself from the rest of the internet, a test
of its new defense from cyber warfare, report says"did this show up in bgp? e.g. rv/ris?
Looks like it did shown on news only. We're operating in Russia too and
did not noticed this disconnection at all, both traffic levels and prefix
count was at normal levels.
PS: I guess this disconnection was in some lab, someone just dropped any
"foreign" routes and checked if at least some domestic search engines/
mail services/social networks/... continued to function.
Perhaps it’s the result of a successful table top exercise 
They have installed devices called "TSPU" on major operators.
Isolation of specific networks is done without changing BGP announcements, obviously.
And the drills do not mean at all "we will turn off the Internet for all the clients and see what happens", journalists trivialized it.
Most likely, they checked the autonomous functioning of specific infrastructurally important networks connected to the Internet, isolating only them.
It's not so bad idea in general, if someone find another significant bug in common software, to be able to isolate important networks from the internet at the click of a button and buy time for patching systems.
Looks like it did shown on news only.
i wondered
They have installed devices called “TSPU” on major operators.
Isolation of specific networks is done without changing BGP
announcements, obviously.
Denys, can you say anything about how these TSPU operate?
I believe they at least swallow/stop TCP SYN packets toward some destinations
(or across a link generally), but I’m curious as to what steps the devices take,
to be able to judge impact seen as either: “broken gear” or “funky TPSU doing it’s thing”
thanks!
-chris
Looks like it did shown on news only.
i wondered
They have installed devices called “TSPU” on major operators.
Isolation of specific networks is done without changing BGP
announcements, obviously.Denys, can you say anything about how these TSPU operate?
Denys is, I’m sure, 'lmgtfy’ing me right now but:
https://therecord.media/academics-russia-deployed-new-technology-to-throttle-twitters-traffic/
https://en.wikipedia.org/wiki/Internet_censorship_in_Russia#Deep_packet_inspection
seems to be the system/device in question.
Does this include the ability to do something like an OOB/serial console, cabled into DWDM transport systems management interfaces, to ‘admin down’ the line facing optical interfaces on routes that go across the Russian border? How exactly is this “TSPU” implemented?
Looks like it did shown on news only.
i wondered
They have installed devices called "TSPU" on major operators.
Isolation of specific networks is done without changing BGP
announcements, obviously.Denys, can you say anything about how these TSPU operate?
Denys is, I'm sure, 'lmgtfy'ing me right now but:
Internet censorship in Russia - Wikipedia
seems to be the system/device in question.
There is nothing magical or special in these devices, usual inline DPI with IDS / IPS functionality, installed between BRAS and CGNAT.
Here is specs/description for one of them: https://www.rdp.ru/en/products/service-gateway-engine/
They also sell them abroad. Anybody want to install? (Here must be an emoticon that laughs and weeps same time)
I believe they at least swallow/stop TCP SYN packets toward some
destinations
(or across a link generally), but I'm curious as to what steps the
devices take,
to be able to judge impact seen as either: "broken gear" or "funky
TPSU doing it's thing"
They are fully inline, so they can do anything they want, without informing ISP.
For example, make a network engineer lose the rest of his mind in search of a network fault,
while it's "TSPU doing it's thing".
Is this done entirely in software? Looking at the PDF of the installation guide for this product the system seems to be an x86-64 network appliance motherboard in a 1U chassis from a vendor such as Lanner or similar.
Any of the companies in Taiwan or China that make systems with eight, ten or twelve Intel chipset 10GbE SFP+ cage interfaces on a PCI-E 3.0 bus on a motherboard, the rest of it is a fairly normal embedded x86-64 motherboard.
Looks like it did shown on news only.
i wondered
They have installed devices called “TSPU” on major operators.
Isolation of specific networks is done without changing BGP
announcements, obviously.Denys, can you say anything about how these TSPU operate?
Denys is, I’m sure, 'lmgtfy’ing me right now but:
https://therecord.media/academics-russia-deployed-new-technology-to-throttle-twitters-traffic/
https://en.wikipedia.org/wiki/Internet_censorship_in_Russia#Deep_packet_inspection
seems to be the system/device in question.
There is nothing magical or special in these devices, usual inline DPI
with IDS / IPS functionality, installed between BRAS and CGNAT.
Here is specs/description for one of them:
https://www.rdp.ru/en/products/service-gateway-engine/
They also sell them abroad. Anybody want to install? (Here must be an
emoticon that laughs and weeps same time)
oh cool… I wonder if anyone has done pentesting/etc against these devices… because, you know… putting inline DPI things seems:
“perfectly safe, perfectly normal…”
I believe they at least swallow/stop TCP SYN packets toward some
destinations
(or across a link generally), but I’m curious as to what steps the
devices take,
to be able to judge impact seen as either: “broken gear” or “funky
TPSU doing it’s thing”
They are fully inline, so they can do anything they want, without
informing ISP.
For example, make a network engineer lose the rest of his mind in search
of a network fault,
while it’s “TSPU doing it’s thing”.
ok, interesting… I’m thinking this is what’s currently causing me problems 
but will
have to dig out a bit more proof before I can be sure.
thanks!
-chris