Zosintha za DPI

Nkhaniyi siyikulongosola zonse za DPI ndi zonse zomwe zimagwirizanitsidwa palimodzi, ndipo phindu la sayansi la malemba ndilochepa. Koma limafotokoza njira yosavuta yolambalala DPI, yomwe makampani ambiri sanayiganizirepo.

Chodzikanira #1: Nkhaniyi ndi yofufuza ndipo silimbikitsa aliyense kuchita kapena kugwiritsa ntchito chilichonse. Lingalirolo limachokera pazochitika zaumwini, ndipo zofanana zilizonse zimakhala zachisawawa.

Chenjezo No. 2: nkhaniyo siwulula zinsinsi za Atlantis, kufufuza kwa Holy Grail ndi zinsinsi zina za chilengedwe chonse; zinthu zonse zilipo kwaulere ndipo zikhoza kufotokozedwa kangapo pa Habré. (Sindinachipeze, ndingayamikire ulalo)

Kwa amene awerenga machenjezo, tiyeni tiyambe.

Kodi DPI ndi chiyani?

DPI kapena Deep Packet Inspection ndi ukadaulo wodziunjikira ziwerengero, kuyang'ana ndi kusefa mapaketi a netiweki posanthula osati mitu yapaketi yokha, komanso kuchuluka kwa magalimoto pamilingo yachitsanzo cha OSI kuyambira chachiwiri ndi chapamwamba, chomwe chimakupatsani mwayi wozindikira ndikuwunika. block ma virus, zidziwitso zosefera zomwe sizikukwaniritsa zofunikira.

Pali mitundu iwiri ya kulumikizana kwa DPI, yomwe ikufotokozedwa ValdikSS pa github:

Passive DPI

DPI yolumikizidwa ndi netiweki yopereka chithandizo mofananira (osati podula) mwina kudzera pagawo laling'ono, kapena kugwiritsa ntchito magalasi a magalimoto ochokera kwa ogwiritsa ntchito. Kulumikizana uku sikuchepetsa kuthamanga kwa intaneti ya wothandizira ngati palibe ntchito yokwanira ya DPI, chifukwa chake imagwiritsidwa ntchito ndi opereka akuluakulu. DPI yokhala ndi kulumikizana kwamtunduwu imatha kuzindikira mwaukadaulo kuyesa kupempha zinthu zoletsedwa, koma osayimitsa. Kuti mulambalale chiletsochi ndikuletsa kulowa patsamba loletsedwa, DPI imatumiza wogwiritsa ntchito kupempha ulalo wotsekedwa paketi ya HTTP yopangidwa mwapadera ndikutumizanso patsamba la woperekayo, ngati kuti yankho lotere latumizidwa ndi zomwe adafunsidwa (IP ya wotumizayo). adilesi ndi mndandanda wa TCP amapangidwa). Chifukwa DPI ili pafupi kwambiri ndi wogwiritsa ntchito kuposa malo omwe adafunsidwa, yankho la spoofed limafika pa chipangizo cha wogwiritsa ntchito mofulumira kusiyana ndi yankho lenileni la tsambalo.

Active DPI

Active DPI - DPI yolumikizidwa ndi netiweki ya omwe amapereka mwachizolowezi, monga chida china chilichonse cha netiweki. Wothandizira amakonza njira kuti DPI ilandire magalimoto kuchokera kwa ogwiritsa ntchito kupita ku ma adilesi otsekedwa a IP kapena madambwe, ndipo DPI ndiye amasankha kulola kapena kuletsa magalimoto. Active DPI imatha kuyang'ana magalimoto omwe atuluka komanso omwe akubwera, komabe, ngati woperekayo akugwiritsa ntchito DPI kuti atseke masamba kuchokera ku registry, nthawi zambiri amakonzedwa kuti ayang'ane magalimoto otuluka okha.

Osati kokha kugwira ntchito kwa kutsekereza magalimoto, komanso katundu wa DPI zimadalira mtundu wa kugwirizana, kotero n'zotheka kuti musayang'ane magalimoto onse, koma ena okha:

"Normal" DPI

DPI "yokhazikika" ndi DPI yomwe imasefa mtundu wina wa magalimoto pamadoko omwe amapezeka kwambiri amtunduwu. Mwachitsanzo, DPI "yokhazikika" imazindikira ndikuletsa magalimoto oletsedwa a HTTP okha pa doko 80, magalimoto a HTTPS pa doko 443. Mtundu uwu wa DPI sudzatsata zoletsedwa ngati mutumiza pempho ndi ulalo wotsekedwa ku IP yosatsekedwa kapena yosagwirizana. doko lokhazikika.

"Full" DPI

Mosiyana ndi DPI "yokhazikika", mtundu uwu wa DPI umayika magalimoto mosasamala kanthu za adilesi ya IP ndi doko. Mwanjira iyi, masamba otsekedwa sangatseguke ngakhale mukugwiritsa ntchito seva ya proxy padoko losiyana kwambiri ndi adilesi ya IP yosatsegulidwa.

Kugwiritsa ntchito DPI

Kuti musachepetse kutengerapo kwa data, muyenera kugwiritsa ntchito "Normal" passive DPI, yomwe imakupatsani mwayi wochita bwino? block iliyonse? zothandizira, kasinthidwe kosasintha kumawoneka motere:

• Zosefera za HTTP zokha padoko 80
• HTTPS yokha padoko 443
• BitTorrent kokha pamadoko 6881-6889

Koma mavuto amayamba ngati gwero lidzagwiritsa ntchito doko losiyana kuti lisataye ogwiritsa ntchito, ndiye muyenera kuyang'ana phukusi lililonse, mwachitsanzo mungapereke:

• HTTP imagwira ntchito padoko 80 ndi 8080
• HTTPS pa doko 443 ndi 8443
• BitTorrent pa gulu lina lililonse

Chifukwa cha izi, muyenera kusintha DPI "Yogwira" kapena kugwiritsa ntchito kutsekereza pogwiritsa ntchito seva yowonjezera ya DNS.

Kuletsa kugwiritsa ntchito DNS

Njira imodzi yoletsera mwayi wopeza chithandizo ndikuletsa pempho la DNS pogwiritsa ntchito seva yapafupi ya DNS ndikubwezera wogwiritsa adilesi ya IP ya "stub" m'malo mogwiritsa ntchito zofunikira. Koma izi sizimapereka zotsatira zotsimikizika, chifukwa ndizotheka kupewa spoofing adilesi:

Njira 1: Kusintha fayilo ya makamu (ya desktop)

Fayilo ya makamu ndi gawo lofunikira pamakina aliwonse ogwiritsira ntchito, omwe amakulolani kuti mugwiritse ntchito nthawi zonse. Kuti agwiritse ntchito, wogwiritsa ntchito ayenera:

1. Pezani adilesi ya IP yachinthu chofunikira
2. Tsegulani fayilo ya makamu kuti musinthe (ufulu wa woyang'anira ukufunika), womwe uli mu:
   • Linux: /etc/hosts
   • Windows: %WinDir%System32driversetchosts
3. Onjezani mzere mumpangidwe: <dzina lachinthu>
4. Sungani zosintha

Ubwino wa njirayi ndizovuta zake komanso kufunikira kwa ufulu wa oyang'anira.

Njira 2: DoH (DNS pa HTTPS) kapena DoT (DNS pa TLS)

Njirazi zimakulolani kuti muteteze pempho lanu la DNS kuti lisawonongeke pogwiritsa ntchito kubisa, koma kukhazikitsa sikuthandizidwa ndi mapulogalamu onse. Tiyeni tiwone kumasuka kokhazikitsa DoH ya mtundu 66 wa Mozilla Firefox kuchokera kumbali ya ogwiritsa ntchito:

1. Pitani ku adilesi za: config mu Firefox
2. Tsimikizirani kuti wosuta ali ndi chiopsezo chilichonse
3. Sinthani mtengo wa parameter network.trr.mode pa:
   • 0 - kuletsa TRR
   • 1 - kusankha basi
   • 2 - yambitsani DoH mwachisawawa
4. Sinthani parameter network.trr.uri kusankha seva ya DNS
   • Cloudflare DNS: mozilla.cloudflare-dns.com/dns-query
   • GoogleDNS: dns.google.com/experimental
5. Sinthani parameter network.trr.boostrapAddress pa:
   • Ngati Cloudflare DNS yasankhidwa: 1.1.1.1
   • Ngati Google DNS yasankhidwa: 8.8.8.8
6. Sinthani mtengo wa parameter network.security.esni.enabled pa koona
7. Onetsetsani kuti zokonda zili zolondola pogwiritsa ntchito Cloudflare service

Ngakhale kuti njirayi ndi yovuta kwambiri, sikutanthauza kuti wogwiritsa ntchitoyo akhale ndi ufulu woyang'anira, ndipo pali njira zina zambiri zopezera pempho la DNS lomwe silinafotokozedwe m'nkhaniyi.

Njira 3 (pazida zam'manja):

Kugwiritsa ntchito Cloudflare app kuti Android и iOS.

Kuyesa

Kuti muwone kusowa kwazinthu, dera lotsekedwa mu Russian Federation linagulidwa kwakanthawi:

• HTTP chekeni + doko 80
• HTTP chekeni + doko 8080
• HTTPS cheke + doko 443
• HTTPS cheke + doko 8443

Pomaliza

Ndikukhulupirira kuti nkhaniyi idzakhala yothandiza ndipo idzalimbikitsa osati olamulira okha kuti amvetsetse nkhaniyi mwatsatanetsatane, komanso ipereka kumvetsetsa kuti zothandizira nthawi zonse zimakhala kumbali ya wogwiritsa ntchito, ndipo kufufuza mayankho atsopano kuyenera kukhala gawo lofunikira kwa iwo.

maulalo othandiza

• Kukhazikitsa muyezo wa Encrypted SNI mu Firefox
• Offline DPI Bypass

Kuwonjezera kunja kwa nkhaniyoKuyesa kwa Cloudflare sikungatheke pa intaneti ya opareshoni ya Tele2, ndipo DPI yokonzedwa bwino imalepheretsa kulowa patsamba loyesa.
PS Mpaka pano uyu ndiye wothandizira woyamba yemwe amaletsa bwino zinthu.

Source: www.habr.com