1074
submitted 1 year ago by simple@lemm.ee to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] tal@kbin.social 1 points 1 year ago

The Kremlin could maybe have something set up that looks for accesses to stuff inside Russia from outside Russia, then flag that IP as suspicious as being a VPN endpoint outside Russia.

So, okay, take this scenario:

  • IP A, user inside Russia.

  • IP B, VPS outside Russia.

  • IP C, service inside Russia that state can monitor.

User in Russia on IP A has an SSH tunnel to VPS on IP B with SOCKS that they control.

That's fine as long as user is only browsing the Internet outside Russia. But if you're routing all traffic through the VPS and you use any sites in Russia, the Great Russian Firewall can see the following:

  1. IP A has a long-running SSH connection to IP B.

  2. IP B is accessing stuff in Russia.

You could maybe also do heavier-weight traffic analsysis on top of that if you see 1 and 2, or gather data over a longer period of time, but seeing 1 and 2 alone are probably enough to block IP A to IP B connections.

That can be defeated by using two external VPSes, opening an SSH tunnel to the first one, and then talking to SOCKS on the second (maybe with another SSH connection linking the two). But that's increasing complexity and cost.

[-] MooseBoys@lemmy.world 2 points 1 year ago

can be defeated with two VPSes, but that’s increasing complexity and cost

A marginal increase, perhaps. You don’t need a separate VPS - just a second IP. Accept incoming traffic on port 22 on one, and set the default route for outbound traffic to the other.

this post was submitted on 10 Aug 2023
1074 points (98.3% liked)

Technology

59081 readers
3280 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS