QUIC protocol is blocked in Russia

Wed, 16 Mar 2022 03:17:12 -0700

HTTP/3 connections (QUIC; UDP to port 443) to foreign sites are blocked in several ISPs in Russia, the ones which have government Deep Packet Inspection system called TSPU. The technical symptom of the blocking is that there is no reply to the Initial Packet.
The filter applies only to packets with UDP payload larger than 1001 byte (including 1001). Filter seeks for "00 00 00 01" (hex, QUIC version) in the UDP payload starting from the second byte. It is applied only for UDP packets with destination port == 443. Source port doesn't matter (the filter is not applies for source port == 443). 

Pseudo YARA rule:


rule QUIC_block_Russia_TSPU_04_mar_2022
{
    condition:
        filesize > 1000 and dport == 443 and int32be(1) == 0x00000001
}


Minimalistic payload for which the filter is applied is in attachment.

More information:
https://ntc.party/t/http-3-quic/1823
https://github.com/net4people/bbs/issues/108

<<attachment: quic_tspu_filtered.bin.zip>>



Attachment:
OpenPGP_signature

Description: OpenPGP digital signature














    











					Reply via email to