Rostelecom blocks MTProto Proxy by the size of client packages
The author of telegram-bot @rknshowtime Alek Rudenko suggested how Rostelecom blocks the MTProto proxy, a popular proxy for Telegram , which was introduced two weeks ago. Recall that in this technical implementation, the client and server do not have a phase of open communication. For all sorts of filters and analyzers, the exchange of data with the MTProto-proxy server looks like an unstructured binary bi-directional data flow between the client and the server. This makes it difficult to recognize a protocol for blocking.
But Rostelecom found a way out of the situation.
To figure it out, St. Petersburg developer Leonid Evdokimov ( darkk ) wrote a pseudo-proxy poormansmtproto and tested the DPI of the trunk provider.
An experiment on the Rostelecom network in the Krasnodar Territory showed that Rostelecom is blocking the MTProto-proxy protocol based on the size of client packets.
The experiment revealed the following:
1. If the contents of the packets are replaced with a random set of bytes of the same size, the connection is still broken.
2. If you accidentally change the size of the packets, the connection stops breaking.
3. If the server does not send responses at all, the connection is still broken.
Interlocking Specialist Philip Kulin (Irritating Phil) and owner of DiPHOST hosting company commentedsituation: “I want to note that restricting access to resources based on the results of traffic analysis is illegal. The streamlined wording of repressive Russian legislation in the field of restricting access to information still creates a certain framework for the grounds for blocking and methods of blocking. There is nothing like carpet blocking or packet analysis. This is strictly illegal. ”
But Rostelecom found a way out of the situation.
To figure it out, St. Petersburg developer Leonid Evdokimov ( darkk ) wrote a pseudo-proxy poormansmtproto and tested the DPI of the trunk provider.
An experiment on the Rostelecom network in the Krasnodar Territory showed that Rostelecom is blocking the MTProto-proxy protocol based on the size of client packets.
The experiment revealed the following:
1. If the contents of the packets are replaced with a random set of bytes of the same size, the connection is still broken.
2. If you accidentally change the size of the packets, the connection stops breaking.
3. If the server does not send responses at all, the connection is still broken.
Interlocking Specialist Philip Kulin (Irritating Phil) and owner of DiPHOST hosting company commentedsituation: “I want to note that restricting access to resources based on the results of traffic analysis is illegal. The streamlined wording of repressive Russian legislation in the field of restricting access to information still creates a certain framework for the grounds for blocking and methods of blocking. There is nothing like carpet blocking or packet analysis. This is strictly illegal. ”
Warning from the site administration: When commenting on this material, please follow the rules. Please refrain from insults and toxic behavior. Postmoderation works in comments.