Comment by molticrystal

Comment by molticrystal 4 days ago

2 replies

View on Hacker News

Well for starters recreate the situation and test out different approaches. Thanks to the detailed analysis that can be attempted.

If I understand right, a good next step would would be with eBPF or some type of proxy ignore the forged RST+ACK at the beginning.

Then it would come testing to see if sending a bunch of ACK packets, perhaps with sequence numbers that would when reconstructed could complete the handshake. Trying to send them alongside the SYN+ACK or even before if it can be predicted. Maybe try sending some packets with sequence id 0 as well to see what happens.

kotri 4 days ago

> ignore the forged RST+ACK

See <Ignoring the Great Firewall of China> in 2006. That won't work if RST/ACK was injected to both sides.

> Then it would come testing to see if sending a bunch of ACK packets, perhaps with sequence numbers that would when reconstructed could complete the handshake. Trying to send them alongside the SYN+ACK or even before if it can be predicted. Maybe try sending some packets with sequence id 0 as well to see what happens.

This is an interesting approach already being utilized, namely TCB desync. But currently most people tend to buy VPN/proxy services rather than studying this.

Reply View 1 reply
  • billy99k a day ago

    I've been using Astrill to bypass the GFW for almost a decade. It's a bit expensive, but worth it.

    Reply View 0 replies