ARFA – How does a state-owned company sift gravel?

July 21, 2021

It is common knowledge that working for a state-owned company is not always sunshine and roses and that, at the behest of the Board, one sometimes has to sift gravel from dirt. A simple piece of equipment can be built for the job. In Poland such a piece of equipment is called an “arfa”.

EXATEL, as a telecommunications operator, sifts cyber gravel: telecommunications packets on high-throughput links. The TAMA project was our first approach to the problem. That tool, which we already mentioned in one of our previous texts, is used by our very own CyberCinderella, the Security Operations Center, to separate the cyber-lentils from the cyber-ashes. It earns its keep, too: the tool we implemented generates revenue for the state budget every day. It is a win-win situation.

The TAMA project was developed thanks to the support of the National Centre for Research and Development and was EXATEL's first step towards greater technological autonomy as a telecommunications operator. If we already use Polish optical fibres from a company in Podkarpacie, laid by our subsidiary Energotel, why shouldn't we develop the product portfolio further? Is Poland no country for a skilled workforce?

We are not afraid of accusations of economic xenophobia, because our projects are in line with the European agenda of building a knowledge-based economy, a premise of the Lisbon Strategy. Every Polish project is at the same time a European product, isn't it? Europe is aware that high-tech industries need to be developed in its member states, as the National Recovery Plan or the projects submitted to the IPCEI (Important Projects of Common European Interest) amply demonstrate. Europe does not run a common R&D policy, so each member state is free to pursue its own; Germans, French, Italians and Swedes can develop technology on their own, and so can Poles.


So what is ARFA for, and why does appetite grow with eating?

It takes years of investment to catch up with the world class, but once you do, everything becomes easier. In the TAMA project we learned to repel volumetric DDoS attacks, and that is just one type of network attack. There are attacks that are just as effective without millions of packets, which makes them easier to slip past network defences. Such gravel needs a finer sieve, hence ARFA. A good example is the infamous “Ping of Death”: a single oversized ICMP echo request, fragmented on the wire and exceeding the 65535-byte IPv4 datagram limit once reassembled, could crash an entire Windows system (and other operating systems of the time).
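To make the single-packet case concrete, here is an added example (not EXATEL's or ARFA's code) that checks IPv4 fragments for the “Ping of Death” condition: a datagram whose fragments, once put back together, would not fit in the 16-bit Total Length field. The point a sieve on a fast link cares about is that one fragment is enough to decide, so nothing needs to be buffered. The addresses, fragment sizes and the 65518-byte echo request are constructed for the example.

```python
# Added example, not EXATEL/ARFA code: flag IPv4 fragment sets whose reassembled
# datagram could not fit in the 16-bit Total Length field ("Ping of Death" shape).
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

IPV4_MAX_DATAGRAM = 65535   # limit of the 16-bit Total Length field, header included
IPV4_MIN_HEADER = 20        # the reassembled datagram gets one IP header back


@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    ident: int        # Identification field, shared by all fragments of one datagram
    offset: int       # Fragment Offset field, in units of 8 bytes
    more: bool        # MF (More Fragments) flag
    payload_len: int  # bytes carried after this fragment's own IP header


def fragment_end(frag: Fragment) -> int:
    """Byte offset, within the reassembled payload, just past this fragment's data."""
    return frag.offset * 8 + frag.payload_len


def is_oversized(frag: Fragment) -> bool:
    """One fragment is enough to decide: if its claimed end plus a header does not fit
    in Total Length, the datagram can never be valid and need not be buffered at all."""
    return fragment_end(frag) + IPV4_MIN_HEADER > IPV4_MAX_DATAGRAM


def scan(frags: List[Fragment]) -> Dict[Tuple[str, str, int], dict]:
    """Group fragments per (src, dst, ident) and report size, completeness, oversize."""
    groups: Dict[Tuple[str, str, int], List[Fragment]] = defaultdict(list)
    for f in frags:
        groups[(f.src, f.dst, f.ident)].append(f)
    report = {}
    for key, fs in groups.items():
        fs.sort(key=lambda f: f.offset)
        size = max(fragment_end(f) for f in fs)
        last = [f for f in fs if not f.more]           # exactly one final fragment expected
        contiguous = fs[0].offset == 0 and all(
            fragment_end(a) == b.offset * 8 for a, b in zip(fs, fs[1:]))
        report[key] = {
            "payload_bytes": size,
            "complete": len(last) == 1 and contiguous and fragment_end(last[0]) == size,
            "oversized": any(is_oversized(f) for f in fs),
        }
    return report


def constructed_sample() -> List[Fragment]:
    """Constructed input: a normal 1508-byte ping split in two, then an echo request with
    65510 data bytes (8-byte ICMP header + 65510 = 65518 bytes of IP payload) cut into
    1480-byte pieces, the way a 1500-byte MTU would fragment it."""
    frags = [Fragment("10.0.0.5", "10.0.0.1", 1, 0, True, 1480),
             Fragment("10.0.0.5", "10.0.0.1", 1, 185, False, 28)]
    remaining, off = 65518, 0
    while remaining > 0:
        n = min(1480, remaining)
        frags.append(Fragment("198.51.100.7", "10.0.0.1", 2, off // 8, remaining > n, n))
        off, remaining = off + n, remaining - n
    return frags
```

Only the last fragment of the oversized datagram trips `is_oversized`; a filter placed in front of a host can drop it on sight and never lets the host's reassembly buffer see the overflow.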


When TAMA is at its wits’ end, it’s ARFA’s time to shine

ARFA covers a range of attacks that TAMA does not stop, and their common denominator is that they target service availability. Such an attack can be mounted in many ways. An attacker can load a server with encrypted requests: setting up the TLS tunnel between client and server takes a lot of computing power, and the server bears a large share of it. Not many of them are needed for a successful attack; if one knows which requests hurt the most, the traffic can stay far below the link's nominal bandwidth. Such an analysis was performed for us last academic year by students of the Faculty of Mathematics and Information Science of the Warsaw University of Technology (as part of their full-time studies!). Both the students and we had a lot of fun. If post-quantum cryptography comes into use, it will be even more fun: it cannot be broken with a quantum computer, but it is bulky on the wire and expensive to compute, even if the cryptosystem is called Tiny McEliece.


ARFA for sieving streams

ARFA will therefore look at all requests (and yes, we are still talking about a 100 GbE link; no, we have not gone mad), because unlike TAMA it will be able to reassemble TCP streams. As you already know, many requests depend on context: there are attacks on DNS, mail servers, web servers and LDAP. Even if you are not the target, your server can easily be abused as a reflector; all it takes is the RDP service of our beloved Windows to reflect traffic and take part in a massive attack on some (probably) innocent server. Sounds like fun? The operator is delighted too, because the link traffic goes above the 95th percentile and the customer's invoice at the end of the month will be quite impressive. That last part is of course a joke. We do not intend to build EXATEL's business strategy on malicious traffic.
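To show what stream reassembly buys you in the handshake-flood case described above, here is an added example, not EXATEL's or ARFA's code: it puts the client-to-server side of each TCP connection back in order (out-of-order and retransmitted segments included), cuts TLS records out of the reassembled bytes and, per client IP, counts ClientHellos against application data. A client that keeps opening sessions and never sends a byte of application data is reported; without reassembly, a ClientHello split across two segments would never be seen as one. The addresses, ports, sequence numbers and the minimal ClientHello record are constructed, and the `HandshakeFloodMonitor` class with its threshold of 20 is an assumption of the example, not an ARFA interface.

```python
# Added example, not EXATEL/ARFA code: reassemble client-to-server TCP data, then
# count TLS ClientHellos per client IP to spot a handshake flood.
from collections import defaultdict, namedtuple

TLS_HANDSHAKE, TLS_APPDATA, HS_CLIENT_HELLO = 0x16, 0x17, 0x01
Segment = namedtuple("Segment", "src sport dst dport seq syn payload")


class StreamReassembler:
    """One direction of one TCP connection (32-bit sequence wrap-around ignored)."""
    def __init__(self, isn):
        self.next_seq = isn + 1   # the SYN itself consumes one sequence number
        self.pending = {}         # seq -> out-of-order data waiting for a gap to close

    def push(self, seq, payload):
        """Return the bytes that became contiguous thanks to this segment."""
        if seq + len(payload) <= self.next_seq:
            return b""            # pure retransmission, nothing new
        if seq < self.next_seq:   # partial overlap: keep only the new tail
            payload, seq = payload[self.next_seq - seq:], self.next_seq
        if seq > self.next_seq:   # a hole precedes it: park it
            self.pending[seq] = payload
            return b""
        out = bytearray(payload)
        self.next_seq += len(payload)
        while True:               # drain parked data that now fits
            ready = [s for s in self.pending if s <= self.next_seq]
            if not ready:
                return bytes(out)
            s = min(ready)
            data, skip = self.pending.pop(s), self.next_seq - s
            if skip < len(data):
                out += data[skip:]
                self.next_seq += len(data) - skip


def parse_records(buf):
    """Cut complete TLS records (5-byte header: type, version, length) off a stream."""
    records, i = [], 0
    while i + 5 <= len(buf):
        length = int.from_bytes(buf[i + 3:i + 5], "big")
        if i + 5 + length > len(buf):
            break                 # record still incomplete, wait for more data
        records.append((buf[i], buf[i + 5:i + 5 + length]))
        i += 5 + length
    return records, buf[i:]


class HandshakeFloodMonitor:
    """Per client IP: ClientHellos sent versus application data actually exchanged."""
    def __init__(self, max_hellos=20):
        self.max_hellos = max_hellos
        self.flows = {}                          # 4-tuple -> StreamReassembler
        self.leftover = defaultdict(bytes)       # 4-tuple -> partial TLS record
        self.stats = defaultdict(lambda: {"client_hello": 0, "app_data": 0})

    def feed(self, seg):
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.syn:
            self.flows[key] = StreamReassembler(seg.seq)
            return
        flow = self.flows.get(key)
        if flow is None:
            return                               # no SYN seen; mid-stream pickup not handled
        chunk = flow.push(seg.seq, seg.payload)
        if not chunk:
            return
        records, self.leftover[key] = parse_records(self.leftover[key] + chunk)
        for ctype, body in records:
            if ctype == TLS_HANDSHAKE and body[:1] == bytes([HS_CLIENT_HELLO]):
                self.stats[seg.src]["client_hello"] += 1
            elif ctype == TLS_APPDATA:
                self.stats[seg.src]["app_data"] += 1

    def offenders(self):
        return sorted(src for src, s in self.stats.items()
                      if s["client_hello"] > self.max_hellos and s["app_data"] == 0)


def client_hello_record():
    """Minimal TLS 1.2-style ClientHello record (constructed; one cipher suite)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" + b"\x00\x00"
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 3, 3]) + len(hs).to_bytes(2, "big") + hs


def constructed_capture():
    """Constructed traffic: one genuine client (out-of-order and duplicated segments)
    and one client opening 50 sessions that each stop right after the ClientHello."""
    hello = client_hello_record()
    data = (bytes([TLS_APPDATA, 3, 3]) + (100).to_bytes(2, "big") + bytes(100)) * 3
    c, base = ("10.0.0.5", 40001, "203.0.113.10", 443), 1001 + len(hello)
    segs = [Segment(*c, 1000, True, b""), Segment(*c, 1001, False, hello),
            Segment(*c, base + 150, False, data[150:]),   # arrives before its predecessor
            Segment(*c, base, False, data[:150]),
            Segment(*c, base, False, data[:150])]         # duplicate
    for port in range(50000, 50050):
        a = ("198.51.100.7", port, "203.0.113.10", 443)
        segs += [Segment(*a, 7000, True, b""), Segment(*a, 7001, False, hello)]
    return segs


def run_demo():
    """Feed the constructed capture through the monitor; returns (stats, offenders)."""
    mon = HandshakeFloodMonitor()
    for seg in constructed_capture():
        mon.feed(seg)
    return dict(mon.stats), mon.offenders()
```

The monitor only ever looks at bytes the reassembler has confirmed as in order, so segment ordering games and retransmissions cannot hide a handshake from it or count one twice; the threshold and the "no application data" condition are the policy knobs an operator would tune per service.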


Border Gateway Protocol or our Internet’s Postal Service

Last but not least, there is the Border Gateway Protocol (BGP) and its route reflectors. BGP's role can be summed up in one question: “what should I do with this packet for that destination IP?” And there are tricks that can be played with BGP. Obviously we are happy when network traffic reaches us. But are we equally happy when, say, packets from Germany to Poland have miraculously passed through North Korea? Typically we do not even know about it, as long as they arrive at all. It is a bit of a paradox: it would actually have been better if they had not arrived at all, because then we would have realised that something strange was going on. As the old proverb says: better the devil you know than the devil you don't.

Since such things happen even to the usually cautious Swiss (a BGP route leak attack), we decided to take a closer look at the topic, and we will let you know about our findings. Or rather, the Silesian University of Technology will, because it is their brave team that took the subject on. We have already had two meetings and a lot of fun while getting into the substance of the matter.


Mr. Packet in Brazil

There are quite a lot of such stories; here's one for all the nerds out there: the other day, when I was sitting at my alma mater, I decided to ping the router and noticed that 192.168.1.1 responded with a packet from 20 hops away. It was quite surprising. The router was in the next room, so I thought it had gone a bit overboard. But (insert here a 20-packets-late flash of intelligence) I thought of something. Our network is 192.168.0.x/24, so I was completely wrong. I'm pinging 192.168.0.1 and the TTL is 64 or something as big, so my logic is back, but wait, let's stop playing games... WHO INSERTED 192.168.1.1 FROM BRAZIL INTO THE ROUTING TABLE AT A RENOWNED POLISH TECHNICAL UNIVERSITY?
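For the BGP passage and the 192.168.1.1 story, here is an added example (not EXATEL's code, and not a description of the Silesian team's work) with two import-side checks a router or a monitor can run on every announcement: a valley-free test that names the AS which exported a route learned from a provider or peer to another provider or peer (the classic route leak), and a bogon filter that rejects private and reserved prefixes such as 192.168.0.0/16 no matter who announces them. The AS numbers, their relationships and the prefixes are constructed for the example.

```python
# Added example, not EXATEL/ARFA code: import-side sanity checks for a BGP announcement,
# a valley-free route-leak test (Gao's model) plus a bogon/private-prefix filter.
import ipaddress

BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed topology (private-use ASNs): provider -> its customers, and peer pairs.
# AS64500 and AS64501 peer; AS64511 buys transit from both (multi-homed customer);
# AS64520 originates via its provider AS64510; we are AS64530, a customer of AS64501.
CUSTOMERS = {64500: {64510, 64511}, 64501: {64511, 64530}, 64510: {64520}}
PEERS = {frozenset({64500, 64501})}


def relation(a, b):
    """How a relates to b: 'customer' (a buys transit from b), 'provider', 'peer', 'unknown'."""
    if a in CUSTOMERS.get(b, set()):
        return "customer"
    if b in CUSTOMERS.get(a, set()):
        return "provider"
    return "peer" if frozenset({a, b}) in PEERS else "unknown"


def find_leak(as_path, my_asn):
    """Valley-free rule: a route learned from a customer may go to anyone, a route learned
    from a provider or peer only to customers. as_path is as received (nearest neighbour
    first, origin last). Returns the first ASN that broke the rule, or None."""
    hops = list(reversed(as_path)) + [my_asn]       # origin ... neighbour, us
    for i in range(1, len(hops) - 1):
        upstream, asn, downstream = hops[i - 1], hops[i], hops[i + 1]
        learned_from_customer = relation(upstream, asn) == "customer"
        exported_to_customer = relation(downstream, asn) == "customer"
        if not learned_from_customer and not exported_to_customer:
            return asn                              # unknown relations count as leaks
    return None


def bogon_reason(prefix):
    """Why a prefix must never be accepted from an external peer, or None if it is fine."""
    net = ipaddress.ip_network(prefix, strict=False)
    for b in BOGONS:
        if net.version == b.version and net.subnet_of(b):
            return f"bogon: inside {b}"
    if net.version == 4 and net.prefixlen > 24:
        return "too specific: longer than /24"
    return None


def evaluate(prefix, as_path, my_asn=64530):
    """All reasons to reject the announcement; an empty list means accept."""
    reasons = []
    if (r := bogon_reason(prefix)) is not None:
        reasons.append(r)
    if (leaker := find_leak(as_path, my_asn)) is not None:
        reasons.append(f"route leak by AS{leaker}")
    return reasons
```

In production the relationship table would come from a source such as CAIDA's AS relationship data rather than a hand-written dictionary, and the bogon filter would sit next to an RPKI origin check; the valley-free rule is a heuristic, so a hit should raise an alert rather than silently drop the route.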

And from such stories we built the whole project, which we will implement and deploy to make our network even more secure. If you also enjoy implementing things and watching how your work plays out, we invite you to join us. My colleagues and I have experienced this quite a few times, most recently during the TAMA implementation. And I can assure you, the experience is priceless.


Published by: Katarzyna Chojecka
