Network technologies *

For people familiar with the term DPI (Deep Packet Inspection), it often carries an unpleasant association: blocking, regulators, censorship, tightening controls. In reality, DPI is simply the name of a technology whose essence lies in the deep analysis of network traffic. Deep traffic analysis involves identifying protocols, extracting the most significant fields and metadata, classifying internet services, and analyzing the nature of network flows. I will explain how such solutions work in this article.

Today, a significant portion of all content on the Internet is distributed with the use of CDNs (Content Delivery Networks). At the same time, there is no research on how various censors extend their influence on such networks. Scientists from the University of Massachusetts analyzed possible methods of blocking CDN content using the example of the practices of the Chinese authorities, and also developed a tool to bypass such blocks.

We (specialists from proxy service) have prepared an overview material with the main conclusions and results of this experiment (translate of this material).

We are requesting 20,000,000 euro to place 900 orders on the exchange. What could go wrong?

Today, I will explain how to avoid losing billions in client money when executing large transactions on the exchange. This discussion focuses on an often overlooked and largely invisible problem that arises when handling large requests, particularly HTTP requests, which may not be fully executed. It's surprising how little attention is given to this issue and how few tools there are to address it.

Our task was to implement large-scale management of exchange orders, not just within a single exchange but globally, and to ensure it operates reliably. In this story, you'll encounter clients, servers, and cats. Stories are always more enjoyable with cats.

Governments in many countries restrict citizens' access to information and services on the Internet in one way or another. Combating such censorship is an important and difficult task. Usually simple solutions cannot boast about high reliability or long-term efficiency. More complex methods of overcoming blocks have disadvantages in terms of usability, low performance, or they do not allow you to maintain the quality of Internet use at the proper level.

A group of American scientists from the University of Illinois has developed a new method of overcoming blocks, which is based on the use of proxy technology, as well as segmenting users by trust level to effectively identify agents working for censors. We present you with the main theses of this work.

Description of the approach

Scientists have developed the Salmon tool, a system of proxy servers operated by volunteers from countries without restrictions on Internet use. In order to protect these servers from blocking by censors, the system uses a special algorithm for assigning a level of trust to users.

The method involves exposing potential censor agents that pose as ordinary users in order to find out the IP address of the proxy server and block it. In addition, countering Sybil attacks is carried out through the requirements to provide a link to a valid social network account when registering in the system or to receive a recommendation from a user with a high level of trust.

How it works

It is assumed that the censor is a state–controlled body that has the ability to take control of any router within the country. It is also assumed that the task of the censor is to block access to certain resources, and not to identify users for further arrests. The system cannot prevent such a course of events in any way – the state has plenty of opportunities to find out what services citizens use. One of them is the use of honeypot servers to intercept communications.

It is also assumed that the state has significant resources, including human ones. The censor can solve tasks that require hundreds and thousands of full-time employees.

A few more basic theses:

Masking an IP address with a use of a proxy is necessary not only to circumvent censorship on the Internet and watch TV series. In recent years, proxies have been increasingly used to solve corporate objectives from application testing under load to competitive intelligence. Habr has a good overview of the various options for using proxies in the business sector.

Today we will talk about what to pay attention to when choosing a proxy network for solving such corporate objectives.

Internet censorship is becoming an increasingly important issue worldwide. This leads to increasing of the "race of armaments" – in different countries government agencies and private corporations try to block various content and fight against the ways of circumventing of such restrictions. At the same time developers and researchers strive to create effective tools to combat censorship.

Scientists from Carnegie Mellon University, Stanford University, and SRI International conducted an experiment in which they developed a special service for masking the use of Tor – one of the most popular tools for bypassing blocking. Here is the story about the work done by the researchers.

Network programming in C++ can be challenging. But even a greater challenge is to find educational content that will arm you with the knowledge on how to apply your networking skills in real applications.

In this article you can learn the basics of socket communication and many ways how you can design your internal messaging protocols.

Arbeiten im technischen Support brachte zusätzlich zu allen Aufgaben die Pflicht mit sich, die Kommunikationskanäle zu überwachen. Dies wurde über den Grafana-Dienst realisiert, der die erforderlichen Metriken aus Zabbix bezog. Da die Art der Arbeit jedoch bedeutete, dass man nicht immer an seinem Arbeitsplatz sitzt, kam mir die Idee, dies ein wenig zu automatisieren und Benachrichtigungen auf das Telefon oder zum Beispiel in einen Messenger zu erhalten, falls ein Kommunikationskanal ausfällt. Allerdings hatte ich keinen Zugriff auf das Zabbix-System und auch keinen erweiterten Zugriff auf Grafana.

I'm Alex Movergan, DevOps team lead at Altenar. I focus on automation in general and on improving troubleshooting skills within my team. In this article, I'll share a captivating tale that revolves around Kubernetes, validation webhooks, kubespray, and Calico.

Join me on this DevOps journey as we explore real-world scenarios unraveling the intricacies of troubleshooting in a Kubernetes environment.

Let's take a deeper look at the Q1 2023 DDoS attacks mitigation statistics and observations from Qrator Labs' perspective.

Now that 2022 has come to an end, we would like to share the DDoS attack mitigation and BGP incident statistics for the fourth quarter of the year, which overall saw unprecedented levels of DDoS attack activity across all business sectors.

In 2022, DDoS attacks increased by 73.09% compared to 2021. 

Let's take a closer look at the Q4 2022 data.

All the credit is due to the RFC’s authors: A. Azimov (Qrator Labs & Yandex), E. Bogomazov (Qrator Labs), R. Bush (IIJ & Arrcus), K. Patel (Arrcus), K. Sriram.

A BGP route leak is an unintentional propagation of BGP prefixes beyond the intended scope that could result in a redirection of traffic through an unintended path that may enable eavesdropping or traffic analysis, and may or may not result in an overload or complete drop (black hole) of the traffic. Route leaks can be accidental or malicious but most often arise from accidental misconfigurations.

With the end of the 2022' third quarter, we invite you to take a tour into DDoS attacks mitigation and BGP incidents statistics recorded from July to September.

The second quarter of the year has ended and, as usual, we take a look back at the mitigated DDoS attacks activity and BGP incidents that occurred between April and June 2022.

The IDS Bypass contest was held at the Positive Hack Days conference for the third time (for retrospective, here's . This year we created six game hosts, each with a flag. To get the flag, participants had either to exploit a vulnerability on the server or to fulfill another condition, for example, to enumerate lists of domain users.

The tasks and vulnerabilities themselves were quite straightforward. The difficulty laid in bypassing the IDS: the system inspected network traffic from participants using special rules that look for attacks. If such a rule was triggered, the participant's network request was blocked, and the bot sent them the text of the triggered rule in Telegram.

And yes, this year we tried to move away from the usual CTFd and IDS logs towards a more convenient Telegram bot. All that was needed to take part was to message the bot and pick a username. The bot then sent an OVPN file to connect to the game network, after which all interaction (viewing tasks and the game dashboard, delivering flags) took place solely through the bot. This approach paid off 100%!

The first quarter of the year 2022 has passed; now, it is time to look at the events of Q1 in terms of mitigated DDoS activity and recorded BGP incidents.

In this article I'd like to describe different traffic mirroring options for HPE Virtual Connect modules. I try to answer two questions: "What options work and why?" and "How different traffic mirroring cases can be implemented?"

2021 was an action-packed year for Qrator Labs.

It started with the official celebration of our tenth year anniversary, continued with massive routing incidents, and ended with the infamous Meris botnet we reported back in September.

Now it is time to look at the events of the last quarter of 2021. There are interesting details in the BGP section, like the new records in route leaks and hijacking ASes, but first things first, as we start with the DDoS attacks statistics.

DDoS attacks send ripples on the ocean of the Internet, produced by creations of various sizes - botnets. Some of them feed at the top of the ocean, but there also exists a category of huge, deep water monstrosities that are rare and dangerous enough they could be seen only once in a very long time.

November 2021 we encountered, and mitigated, several attacks from a botnet, that seems to be unrelated to one described and/or well-known, like variants of Mirai, Bashlite, Hajime or Brickerbot.

Although our findings are reminiscent of Mirai, we suppose this botnet is not based purely on propagating Linux malware, but a combination of brute forcing and exploiting already patched CVEs in unpatched devices to grow the size of it. Either way, to confirm how exactly this botnet operates, we need to have a sample device to analyze, which isn’t our area of expertise.

This time, we won’t give it a name. It is not 100% clear what we are looking at, what are the exact characteristics of it, and how big this thing actually is. But there are some numbers, and where possible, we have made additional reconnaissance in order to better understand what we’re dealing with.

But let us first show you the data we’ve gathered, and leave conclusions closer to the end of this post.

Hello, everybody!

My name is Alexander Zubkov and today I’d like to talk about routing loops.