shadowsocks-org icon indicating copy to clipboard operation
shadowsocks-org copied to clipboard
verified publisher icon shadowsocks

Recent White List issues

Open bash99 opened this issue 8 years ago • 4 comments

As we know, some ISP use white list (port and more?) recently, and the logic is:

TCP handshake --> pass Server First Return packet --> pass Client first packet --> filtered

As they need to white-list some site, so if the Server First Return packet match pattern and port of white-list site, maybe they'll let client first packet pass.

bash99 avatar Oct 25 '17 10:10 bash99

quote: ISP starts using whitelist

peinhu avatar Oct 26 '17 03:10 peinhu

Whitelist mode now is minority. But Many IPs are being blocked temporarily or permanently. Does everyone has a study on GFW's blocking policy?

cokebar avatar Oct 26 '17 14:10 cokebar

Do you have any evidence/source to back up the logic you claimed?

Mygod avatar Oct 27 '17 23:10 Mygod

@Mygod

a few tcpdump file on both side for a ssr tls1.2 obfs.

and in that time, telnet server ssh port (high port other than 22), I can got ssh hello (server version ...), but can not login.

bash99 avatar Oct 28 '17 11:10 bash99