
The terrible, horrible SORM2: a bit of practice

On Habr, half of the participants constantly scare the other half with SORM: it enslaves everyone and everything, monitors traffic around the clock, saves all the torrents you download, and then someday "they will come for you" (c).

One would expect that Habr has professional telecom admins who know all this in practice, but I haven't seen any posts on this subject (although maybe I looked badly). So, based on personal experience, I would like to explain a little about how this actually works in practice and what the terrible SORM that everyone is afraid of really is. I stress that I am not revealing anything: every more or less serious system administrator or technical director at any telecom knows this, nobody signs any non-disclosure undertaking, and there is no secret information here.

First of all, we are talking about the Internet, i.e. SORM2. About telephone calls and the like I know nothing; you would have to ask the telephone operators about that.

So, under the licensing conditions, before operating its network (i.e. providing services to subscribers) a telecom operator must obtain an Operating Permit from the authority that has been called RosSvyazNadzor, RosSvyazOkhranKultury and a thousand other names; it is now called RosSvyazKomNadzor. Permits are issued under Rules approved by the Government, which state in black and white that the operator must settle the SORM question and submit a "piece of paper" confirming this to the Supervision authority. And now the most important point: this question is settled with, and the piece of paper is signed by, the FSB and nobody else. No MIA bodies (neither the local police department nor the "K" department), not the tax service, nobody else has anything to do with it. Only the FSB can monitor Internet traffic, full stop. Other bodies and departments simply do not have the physical or technical capability: they do not install any equipment anywhere. Indirectly, this also follows from the fact that when the same "K" department needs something from an operator or hoster, it has to send an official document on its letterhead signed by its head. Nobody can just call up and ask to "send over traffic info for this IP": in such cases operators and hosters usually just brush them off (rightly so; why would they want extra problems?) and ask for an official request to be sent.
Why do I focus on the FSB, and why does this matter in practice? It's very simple: the FSB is a genuinely serious organization concerned with protecting the security of the country as a whole. It does not care in the least who downloads torrents, whose copyright is violated, or whose websites get hacked (unless, of course, they are websites of state bodies). It is far more interested in the fact that you post on twenty forums an offer to sell spare parts for a combat helicopter.

Now back to our telecom operator, who needs to settle the SORM question with the FSB. Yes, formally the operator really does have to buy special equipment for $10k and run a dedicated communication line to the local FSB office. In reality, however, none of the small providers do this (at least I have not heard of it). Everyone limits themselves to an agreement with the FSB to cooperate if any questions arise (in practice, simply exchanging contacts with their curator officer and the FSB technician) and to signing a "Protocol on the interaction procedure for commissioning SORM" (or a "Commissioning plan..."; the name doesn't matter), the essence of which, put briefly, is that the provider undertakes to implement the "real" SORM sometime later (usually within five years). The classic Khoja Nasreddin principle applies: in five years either the company will close, or money for a full-fledged SORM will turn up, or something else will change. Moreover, after five years many simply sign the next protocol and don't worry about it.

What happens if one of the ISP's customers really does sell helicopter parts or otherwise threatens federal security? Well, they simply call (or even write by e-mail) and ask for a tcpdump of the traffic from a specific address, to be dropped on an ftp server. The provider does it. That's really all there is to it.

If the provider has grown large enough and has "matured" enough not to bother with dumps, the FSB installs its own equipment at the provider. What does it look like? I can't vouch for everyone and everything, but what I saw were ordinary self-assembled computers in GenesysRack rack-mount cases with Linux installed and two network cards, "input" and "output". The provider simply mirrors traffic to the "input" (its Internet traffic, but before NAT, naturally) and assigns an external IP to the "output" (well, that is, reports it to the FSB and they assign it themselves), through which the whole thing is controlled. What exactly runs under that Linux I of course don't know, but you don't have to be a rocket scientist: some kind of packet analyzer, so that only what is needed is "pulled out" and tons of traffic are not pushed into the FSB data centre.
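Two details in that description matter to anyone who has to design or audit such a tap: the box must filter out only the flows of interest, and the mirror must be taken before NAT, because after source NAT every subscriber's packets carry the same shared public address and a capture can no longer be attributed to an individual line. The following small Python model shows both. It is an added example, not the article's code and not whatever actually runs on the FSB boxes; the frame layout is standard Ethernet/IPv4, and the addresses (10.0.0.x, 203.0.113.10, 198.51.100.1), the frames and the NAT simulation are constructed here purely for illustration.

```python
"""Added example (not the article's code): a minimal 'pull out only what is
needed' filter over a mirrored feed, and why the mirror must sit before NAT."""
import struct
from dataclasses import dataclass

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


@dataclass(frozen=True)
class FlowKey:
    src: str
    dst: str
    proto: int


def ip_to_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def str_to_ip(text: str) -> bytes:
    return bytes(int(part) for part in text.split("."))


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, str_to_ip(src), str_to_ip(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_frame(src: str, dst: str, proto: int = 6, payload: bytes = b"") -> bytes:
    """Constructed Ethernet+IPv4 frame (sample data, not captured traffic)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + build_ipv4_header(src, dst, proto, len(payload)) + payload


def parse_frame(frame: bytes):
    """Return the FlowKey of an IPv4 frame, or None for anything else."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    return FlowKey(ip_to_str(ip[12:16]), ip_to_str(ip[16:20]), ip[9])


def verify_checksum(frame: bytes) -> bool:
    """A correct header sums to 0xFFFF, so its complement is 0."""
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    return ipv4_checksum(ip[:ihl]) == 0


def select_for_address(frames, target: str):
    """The analyzer's job: keep only frames involving one subscriber address."""
    return [f for f in frames if (k := parse_frame(f)) and target in (k.src, k.dst)]


def apply_nat(frame: bytes, public_ip: str) -> bytes:
    """Simulate source NAT: every inner source address becomes the shared one."""
    if parse_frame(frame) is None:
        return frame
    ip = bytearray(frame[ETH_HDR_LEN:])
    ip[12:16] = str_to_ip(public_ip)
    ip[10:12] = b"\x00\x00"  # zero the checksum before recomputing it
    ihl = (ip[0] & 0x0F) * 4
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip[:ihl])))
    return frame[:ETH_HDR_LEN] + bytes(ip)


def attributable_sources(frames):
    """Distinct source addresses an analyst could still attribute a flow to."""
    return sorted({k.src for f in frames if (k := parse_frame(f))})


def sample_frames():
    """Constructed mirror feed: three subscribers plus one non-IP (ARP) frame."""
    return [
        build_frame("10.0.0.5", "203.0.113.10", 6, b"GET / HTTP/1.0\r\n"),
        build_frame("10.0.0.6", "203.0.113.10", 6, b"GET / HTTP/1.0\r\n"),
        build_frame("10.0.0.7", "203.0.113.10", 17, b"\x00" * 8),
        b"\x00" * 12 + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28,
    ]


if __name__ == "__main__":
    feed = sample_frames()
    print("pre-NAT frames for 10.0.0.6:", len(select_for_address(feed, "10.0.0.6")))
    natted = [apply_nat(f, "198.51.100.1") for f in feed]
    print("post-NAT frames for 10.0.0.6:", len(select_for_address(natted, "10.0.0.6")))
    print("post-NAT attributable sources:", attributable_sources(natted))
```

Run as a script it shows one frame for the subscriber on the pre-NAT feed, none on the post-NAT feed, and a single attributable source (the NAT address) after translation. The same reasoning applies to any defensive tap or flow logger: place it, or keep NAT translation logs, on the subscriber side of the NAT, or the per-line attribution the article's "before NAT, naturally" refers to is lost.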

That's about all, really. If you look at it from the practical side, the "terrible, horrible" SORM is neither Big Brother nor an attempt to monitor and enslave everyone. It is genuinely a means of protecting the security interests of the state, used only for that, and on the whole it solves rather modest and limited tasks. Frankly, corporate policy in many large organizations is much harsher: they don't allow Odnoklassniki, they block VKontakte... If you don't make revolutions and don't sell helicopter parts, you have nothing to fear.

PS: The comments pointed out that the self-assembled boxes mentioned in the post are no longer used. Yes, I really did see this about 3 years ago. I am glad for our FSB officers that they have started ordering equipment from other contractors, who use either ready-made vendor servers or assemble something more or less decent-looking.

PPS: I didn't want this post to start any political debate about state surveillance of citizens and so on, but it came up in the comments anyway. So I will briefly state my position and the purpose of the post: regardless of political views and beliefs, you need to treat everything realistically, and if something exists (for example, SORM or that same "K" department), you should always try to learn as much as possible about it and "use" that knowledge. There is no point in rolling your eyes in grief and wringing your hands.

PPPS: Posted in the "Telecoms" blog. If there are suggestions for a more appropriate thematic blog, say so.

Source: https://habr.com/ru/post/65924/
