
To bypass blocking, Telegram uses an obvious idea described in patents of the Ministry of Defense of the Russian Federation

The Telegram ban on the territory of Russia is now in its second month. Despite the blocking of millions of IP addresses, the messenger continues to work successfully and has lost practically none of its audience. The Telegram client is open source and uses the non-standard cryptographic protocol MTProto from Nikolay Durov. Nevertheless, Roskomnadzor has been unable to block the messenger effectively.

Since the client code is open, it is no secret which method is used to bypass blocking: a proxy system with automatic change of IP addresses. The idea is so obvious that it was used even by engineers from the Military Academy of Communications of the Ministry of Defense of the Russian Federation. According to Kommersant, the Russian military registered three patents for this technology in 2007–2009.

“The main idea, which combines three patents, is to increase the sustainability of the network segment during destructive influences,” a source close to the Ministry of Defense explained to Kommersant. “The military created these inventions in the context of protecting their network from the effects of enemies, and now it works while protecting the work of the messenger from the effects of blockages.”

The Rospatent database indicates that these patents were terminated in 2008 and 2011 for non-payment of state duty. At the same time, the patented ideas are fairly obvious and widely used, so it does not make much sense to pay for the patents.

"Package in package"


The three patents of the Ministry of Defense describe various ways to implement the idea of a “package in a package,” explained Andrey Gryazev, former director general of the Federal State Unitary Enterprise Central Research Institute of Communications. According to him, not only Telegram but also other instant messengers use the “package in package” method along with end-to-end encryption.

End-to-end encryption is required to circumvent not only DNS filtering, but also the Deep Packet Inspection (DPI) technologies and equipment available to Roskomnadzor, since encrypted packets cannot be analyzed.

Anton Rosenberg, the former director of special areas of one of Telegram’s structures, assured that Telegram is not familiar with the patents of the RF Ministry of Defense and did not use them in developing its system, so theft of intellectual property is out of the question. He said that ideas for ways to circumvent blocking are "obvious and on the surface." “In addition, patents describe ways to ensure communication between different networks controlled by a single owner, say, the military, and not controlled by the enemy,” Rosenberg added. “While in the case of Telegram, the source codes of the applications are open, and Roskomnadzor can use many different phones to search for intermediate addresses used by Telegram.”

At present, the main reason Telegram bypasses blocking is that it has a permanent channel of communication with users' devices through push notifications sent from Apple and Google servers. Blocking them is almost impossible, because this is the standard notification system for all applications from the App Store and Google Play.

Presidential adviser on the Internet German Klimenko believes that it is necessary to change the technology of blocking: “This story showed that the current structure of the fixed legislative definition of ways and methods of blocking does not work,” said Klimenko. “It needs to be loosened. Probably, it is necessary that Roskomnadzor has its own group of programmers or a more flexible history with the development ... In principle, we understand that Roskomnadzor could move somewhere, we criticize it for Telegram locks, nevertheless, it simply executes the law in the form in which it is written. It has neither the ability to order software development, nor to change the approach in working with telecom operators, because operators are required by law to perform just one action: block the IP list using the protocol that is provided.” Among the technologies being worked out, Klimenko named the development of “white lists”.

"Technological features of the system" (c)


Indirect evidence suggests that Roskomnadzor really does use many different phones connected to Telegram for blocking, as Rosenberg suggested. For example, on the night of April 26-27, an incident occurred when Roskomnadzor accidentally blocked the IP addresses of Yandex, Vkontakte, Odnoklassniki and several other major sites. “So far everything looks like this. A regular user (an employee of the RKN?) connected some device to a sniffer in the RKN, which automatically adds to the upload the addresses contacted by a device connected to it with Telegram running, and the sniffer simply added all the addresses that the user’s device accessed. This is a department filled with monkeys with grenades,” the user @unkn0wnerror wrote at the time. “This is all very similar to the results of clumsy attempts to get traffic from some device, and they did not check the addresses.”

“The brief entry into the register of individual IP addresses was due to the technological features of the system,” Roskomnadzor explained at the time, prompting ironic comments about the universal nature of this phrase, which can explain absolutely any phenomenon.

Something similar happened yesterday, May 17, 2018. At about 3:00 pm, 329 IP addresses of WhatsApp, 180 IP addresses of Akamai, 18 IP addresses of Selectel, 16 addresses of IT-Grad (these are Russian companies) and a subnet of Burger King ended up in the registry upload. Within an hour, all these addresses were promptly removed from the upload. “In the Unified Register of the prohibited information there are no IP addresses of the company indicated by you. Roskomnadzor does not comment on rumors,” says Roskomnadzor's response to the corresponding request. Probably, the "technological features of the system" appeared again.

Source: https://habr.com/ru/post/358848/

