Zvimiro zveDPI zvigadziriso

Ichi chinyorwa hachifukidze kugadzirisa kwakazara kweDPI uye zvese zvakabatana pamwe chete, uye kukosha kwesainzi kwechinyorwa kudiki. Asi inotsanangura nzira yakareruka yekunzvenga DPI, iyo makambani mazhinji asina kurangarira.

Disclaimer #1: Chinyorwa ichi ndechekutsvagisa uye hachikurudzire chero munhu kuita kana kushandisa chero chinhu. Pfungwa yacho yakavakirwa paruzivo rwemunhu, uye chero kufanana kunongoitika.

Yambiro Nhamba 2: chinyorwa hachizivise zvakavanzika zveAtlantis, kutsvaga kweChitsvene Grail nezvimwe zvakavanzika zvepasi rose; zvinhu zvose zvinowanikwa pachena uye zvinogona kunge zvakatsanangurwa kanopfuura kamwe paHabré. (Ini handina kuiwana, ndingatenda kune iyi link)

Kune vakaverenga yambiro, ngatitangei.

Chii chinonzi DPI?

DPI kana Deep Packet Inspection tekinoroji yekuunganidza nhamba yedata, kutarisa uye kusefa network mapaketi nekuongorora kwete chete misoro yemapakiti, asiwo zvizere zvetraffic pamazinga eiyo OSI modhi kubva yechipiri nepamusoro, iyo inobvumidza iwe kuona uye vhara mavhairasi, ruzivo rwesefa isingaite zvakatemwa.

Kune marudzi maviri ekubatana kweDPI, ayo anotsanangurwa ValdikSS pa github:

Passive DPI

DPI yakabatana kune mupi wetiweki nenzira yakafanana (kwete mukuchekwa) kungave kuburikidza neyakagadzika optical splitter, kana kushandisa mirroring yetraffic inobva kuvashandisi. Kubatana uku hakunonoke kukurumidza kwetiweki yemupi kana isina kukwana DPI kuita, ndicho chikonzero inoshandiswa nevapeji vakakura. DPI ine rudzi urwu rwekubatanidza inokwanisa chete kuona kuedza kukumbira zvinorambidzwa, asi kwete kuimisa. Kuti upfuure chirambidzo ichi uye kuvhara kupinda kune inorambidzwa saiti, DPI inotumira mushandisi kukumbira yakavharika URL pakiti yakanyatsogadzirwa yeHTTP ine redirect kune peji remupi, sekunge mhinduro yakadaro yakatumirwa neyakakumbirwa sosi pachayo (IP yemutumi. kero uye TCP kutevedzana kwakagadzirwa). Nekuti iyo DPI iri padyo nemushandisi pane saiti yakakumbirwa, mhinduro yakashata inosvika pachishandiso chemushandisi nekukurumidza kupfuura mhinduro chaiyo kubva kune saiti.

Active DPI

Active DPI - DPI yakabatana kune network yemupi nenzira yakajairwa, senge chero imwe network network. Mupi anogadzirisa nzira kuitira kuti DPI igamuchire traffic kubva kune vashandisi kune yakavharika IP kero kana madomasi, uye DPI inobva yafunga kana kubvumidza kana kuvharira traffic. Active DPI inogona kuongorora ese arikubuda uye anouya traffic, zvisinei, kana mupi akashandisa DPI chete kuvharira masayiti kubva kune registry, inowanzo gadziridzwa kuti iongorore inobuda traffic.

Kwete chete kushanda kwekuvhara traffic, asiwo mutoro paDPI unoenderana nerudzi rwekubatanidza, saka zvinogoneka kuti usatarise traffic yese, asi zvimwe chete:

"Zvakajairika" DPI

A "regular" DPI iDPI inosefa imwe mhando yetraffic chete pazviteshi zvakajairika zverudzi irworwo. Semuyenzaniso, "regular" DPI inoona uye inovharisa inorambidzwa HTTP traffic chete pachiteshi 80, HTTPS traffic pachiteshi 443. Iyi mhando yeDPI haizoteedzere zvakarambidzwa kana ukatumira chikumbiro ne URL yakavharwa kune isina kuvharwa IP kana isiri- standard port.

"Yakazara" DPI

Kusiyana neiyo "yakajairika" DPI, iyi mhando yeDPI inoronga traffic zvisinei neIP kero uye chiteshi. Nenzira iyi, masaiti akavharika haavhure kunyangwe iwe uri kushandisa proxy server pane yakanyatsosiyana chiteshi uye isina kuvharirwa IP kero.

Kushandisa DPI

Kuti urege kuderedza chiyero chekuendesa data, unofanirwa kushandisa "Normal" passive DPI, iyo inokubvumira kuti ubudirire? block chero? zviwanikwa, iyo default gadziriso inotaridzika seizvi:

• HTTP sefa chete pachiteshi 80
• HTTPS chete pachiteshi 443
• BitTorrent chete pazviteshi 6881-6889

Asi matambudziko anotanga kana iyo sosi ichashandisa chiteshi chakasiyana kuti usarase vashandisi, ipapo uchafanirwa kutarisa pasuru yega yega, semuenzaniso unogona kupa:

• HTTP inoshanda pachiteshi 80 uye 8080
• HTTPS pachiteshi 443 uye 8443
• BitTorrent pane chero rimwe bhendi

Nekuda kweizvi, iwe uchafanirwa kuchinjira ku "Active" DPI kana kushandisa kuvharira uchishandisa imwe DNS server.

Kuvhara uchishandisa DNS

Imwe nzira yekuvharisa kuwana kune sosi ndeyekubvuta chikumbiro cheDNS uchishandisa yemuno DNS server uye kudzosera mushandisi "stub" IP kero pane iyo inodiwa sosi. Asi izvi hazvipi mhedzisiro yakavimbiswa, sezvo zvichikwanisika kudzivirira kero spoofing:

Sarudzo 1: Kugadzirisa iyo faira faira (yedesktop)

Iyo faira faira chikamu chakakosha chechero system yekushandisa, iyo inobvumidza iwe kugara uchiishandisa. Kuti uwane iyo sosi, mushandisi anofanira:

1. Tsvaga iyo IP kero yeinodiwa sosi
2. Vhura iyo faira faira rekugadzirisa (kodzero dzemutungamiriri dzinodiwa), iri mu:
   • Linux: /etc/hosts
   • Windows: % WinDir% System32driversetchosts
3. Wedzera mutsara mufomati: <zita resource>
4. Sevha shanduko

Kubatsira kweiyi nzira kuoma kwayo uye kudiwa kwekodzero dzemutungamiriri.

Sarudzo yechipiri: DoH (DNS pamusoro peHTTPS) kana DoT (DNS pamusoro peTLS)

Idzi nzira dzinokutendera kuti uchengetedze chikumbiro chako cheDNS kubva mukubiridzira uchishandisa encryption, asi kuita hakutsigirwe nese maapplication. Ngatitarisei kureruka kwekumisikidza DoH yeMozilla Firefox vhezheni 66 kubva kudivi remushandisi:

1. Enda kukero pamusoro: config muFirefox
2. Simbisa kuti mushandisi anotora njodzi yese
3. Shandura kukosha kweparameter network.trr.mode on:
   • 0 - kudzima TRR
   • 1 - otomatiki kusarudzwa
   • 2 - gonesa DoH nekukasira
4. Shandura parameter network.trr.uri kusarudza DNS server
   • Cloudflare DNS: mozilla.cloudflare-dns.com/dns-query
   • GoogleDNS: dns.google.com/experimental
5. Shandura parameter network.trr.boostrapAddress on:
   • Kana Cloudflare DNS yakasarudzwa: 1.1.1.1
   • Kana Google DNS yasarudzwa: 8.8.8.8
6. Shandura kukosha kweparameter network.security.esni.enabled pamusoro zvechokwadi
7. Tarisa kuti marongero akarurama uchishandisa Cloudflare service

Kunyange zvazvo nzira iyi yakanyanya kuoma, haidi kuti mushandisi ave nekodzero dzemutungamiri, uye kune dzimwe nzira dzakawanda dzekuchengetedza chikumbiro cheDNS chisina kutsanangurwa munyaya ino.

Sarudzo 3 (yemidziyo nhare):

Uchishandisa iyo Cloudflare app ku Android и IOS.

Kuedza

Kuti utarise kushomeka kwekuwana zviwanikwa, nzvimbo yakavharwa muRussian Federation yakatengwa kwenguva pfupi:

• Tarisa HTTP + chiteshi 80
• Tarisa HTTP + chiteshi 8080
• HTTPS cheki + port 443
• HTTPS cheki + port 8443

mhedziso

Ndinovimba kuti chinyorwa ichi chichabatsira uye chichakurudzira kwete vatariri chete kuti vanzwisise nyaya yacho zvakadzama, asi ichapawo kunzwisisa kuti. zviwanikwa zvichagara zviri kudivi remushandisi, uye kutsvaga mhinduro nyowani kunofanirwa kuve chikamu chakakosha kwavari.

Useful links

• Kushandisa iyo Encrypted SNI standard muFirefox
• Offline DPI Bypass

Kuwedzera kunze kwechinyorwaIyo Cloudflare bvunzo haigone kupedzwa paTele2 opareta network, uye yakanyatso gadziridzwa DPI inovhara kupinda kune yekuyedza saiti.
PS Parizvino uyu ndiye wekutanga mupi anovhara nemazvo zviwanikwa.

Source: www.habr.com