February 28, 2019 at 20:24Roskomnadzor accidentally blocked providers' stubs
IT expert Mikhail Klimarev said that Roskomnadzor has blocked the “stubs” of at least three Internet providers.
A stub is a page that the provider shows or redirects to instead of a blocked site. It indicates the reason for the lock. Some providers advertise their services there.
On the morning of February 28, Roskomnadzor added to the upload (a list of addresses and domains to be blocked given to providers) of the form
This is the address of the St. Petersburg provider InterZet (in 2014 it was acquired by the provider Dom.ru). The note on the record indicates the decision to block Telegram, on the basis of which daily access to many third-party proxy servers is unlawfully restricted.
Over the past weeks, Roskomnadzor has noticeably increased the speed of detection of proxy servers (users report that the proxy they have raised is often blocked in just a few hours). According to the owner of the TgVPN service Vladislav Zdolnikov, this is achieved in two ways:
This is accompanied either by a lack of verification of blocked addresses or by a superficial check. Apparently, the owner of one of the blocked proxies for the sake of joke indicated in the A-record the addresses of provider stubs.
In 2017, the ILV was already stepping on exactly the same rake (and before that, the theoretical possibility of attack was widely discussed for several years). In 2018, according to the same scheme, “flew” to the provider Transtelecom.
After these attacks, Roskomnadzor reported that the providers were instructed not to resolve the blocked domains. Now we see that the supervisor does not comply with its own recommendations.
Reportthat Dom.ru and MTS (another affected provider) were forced to completely disable content filtering. A few hours later, the victims were unblocked .
A stub is a page that the provider shows or redirects to instead of a blocked site. It indicates the reason for the lock. Some providers advertise their services there.
On the morning of February 28, Roskomnadzor added to the upload (a list of addresses and domains to be blocked given to providers) of the form
5.3.3.17 This is the address of the St. Petersburg provider InterZet (in 2014 it was acquired by the provider Dom.ru). The note on the record indicates the decision to block Telegram, on the basis of which daily access to many third-party proxy servers is unlawfully restricted.
Over the past weeks, Roskomnadzor has noticeably increased the speed of detection of proxy servers (users report that the proxy they have raised is often blocked in just a few hours). According to the owner of the TgVPN service Vladislav Zdolnikov, this is achieved in two ways:
- ILV dumps the backbone of some operator for SOCKS and MTProto traffic without additional obfuscation.
- To block proxies that can be resolved from different geographical locations to different IP addresses, the “Auditor” hardware-software complex installed by each provider in Russia is used (which in itself is inappropriate use, since the “Auditor” is intended only to control the execution of locks providers).
This is accompanied either by a lack of verification of blocked addresses or by a superficial check. Apparently, the owner of one of the blocked proxies for the sake of joke indicated in the A-record the addresses of provider stubs.
In 2017, the ILV was already stepping on exactly the same rake (and before that, the theoretical possibility of attack was widely discussed for several years). In 2018, according to the same scheme, “flew” to the provider Transtelecom.
After these attacks, Roskomnadzor reported that the providers were instructed not to resolve the blocked domains. Now we see that the supervisor does not comply with its own recommendations.
Reportthat Dom.ru and MTS (another affected provider) were forced to completely disable content filtering. A few hours later, the victims were unblocked .