Comment by agentifysh 2 days ago
so will this detect residential proxies? how is that being done, I am getting hammered and its all legitimate normal ISP traffic.
Are you using a proxy? If you aren't that would be concerning, since false positives are way worse than false negatives.
If you are then it means the score is sometimes a bit lower and sometimes a bit higher than 0.1, which is the threshold for getting blocked.
If you want to know the exact score, you can check https://aroma.global.ssl.fastly.net/score
It's set at a low threshold since I want to avoid blocking regular users at all costs. I think the detection can be improved a lot by using more data rather than a single division to calculate the score; in this case it's a somewhat simple PoC.
Thanks for taking the time to test it, I really appreciate it!
I'm testing using our residential proxies.
It's a super cool tool. I've been wondering about an open source tool doing this since reading about the technique in one of Nikolai Tschacher's blog posts years ago (https://incolumitas.com/pages/about/).
There's a few ways to work around this, but I think it's one of the best signals available to detect low-effort/common proxy providers.
Would you be open to offering MASQUE proxying? I started to add support to GOST and have been testing with Bright Data (only for UDP sadly, not TCP), but would love to see others add support so I could test with more than just one vendor.
Oh I haven't seen that before, it's really cool, thank you for showing me that!
I want to clarify that the approaches are a bit different: they use IP intelligence too, and this approach doesn't use any kind of websockets. That is a really good idea, and I have to admit I didn't think of it, but sadly it's not really possible to do it with Fastly.
Another big difference is that this could work with any TCP application, not only HTTP. If you do it with HTTP/S you can know whether it's a proxy or not on a per-request basis and totally passively, without adding any delay or changing the code of the app.
But yeah, it's a really cool demo, thanks again!
It's done by checking the difference between the initial TCP RTT and the subsequent TCP RTTs, both of which can be retrieved from the Linux kernel easily without the need for PCAPing. There is more info about how it is done in the README.
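An added example of the measurement described in that last comment, written for this page and not taken from the tool or its README: it reads the kernel's smoothed RTT (tcpi_rtt, in microseconds) for an accepted TCP socket through getsockopt(TCP_INFO), once right after accept() so the value still reflects the SYN-ACK/ACK handshake, and again after a data round trip. The struct tcp_info layout follows include/uapi/linux/tcp.h. The score itself is an assumption: the comment only says the score is "a single division" with 0.1 as the blocking threshold, so the example uses initial RTT divided by a later RTT sample and treats values below 0.1 as suspect; the function names, the 1.0 fallback for missing samples and the sample buffers in make_tcp_info are constructed for illustration.

```python
import socket
import struct
import time

# Leading fields of struct tcp_info (include/uapi/linux/tcp.h): eight u8 fields
# followed by u32 fields. tcpi_rtt (smoothed RTT, microseconds) is the 16th u32,
# so field index 8 + 15; tcpi_rttvar follows it. 8*1 + 24*4 = 104 bytes.
_TCP_INFO_FMT = "8B24I"
_TCP_INFO_LEN = struct.calcsize(_TCP_INFO_FMT)
_RTT_INDEX = 8 + 15
_RTTVAR_INDEX = 8 + 16

BLOCK_THRESHOLD = 0.1  # taken from the comment above; direction (below = block) is assumed


def parse_srtt_us(raw: bytes) -> int:
    """Return tcpi_rtt (kernel smoothed RTT, microseconds) from a TCP_INFO buffer."""
    if len(raw) < _TCP_INFO_LEN:
        raise ValueError("TCP_INFO buffer too short: %d bytes" % len(raw))
    return struct.unpack(_TCP_INFO_FMT, raw[:_TCP_INFO_LEN])[_RTT_INDEX]


def socket_srtt_us(sock: socket.socket) -> int:
    """Read the current smoothed RTT of a connected TCP socket (Linux only, no pcap)."""
    raw = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_INFO, _TCP_INFO_LEN)
    return parse_srtt_us(raw)


def make_tcp_info(srtt_us: int, rttvar_us: int = 0) -> bytes:
    """Constructed TCP_INFO buffer for offline testing; not real kernel output."""
    fields = [0] * (8 + 24)
    fields[_RTT_INDEX] = srtt_us
    fields[_RTTVAR_INDEX] = rttvar_us
    return struct.pack(_TCP_INFO_FMT, *fields)


def proxy_score(initial_rtt_us: int, later_rtt_us: int) -> float:
    """Hypothetical score: handshake RTT divided by a later RTT sample, capped at 1.0.

    A direct client gives similar values (score near 1.0). If the handshake is
    answered by a nearby relay while later samples are much larger, the ratio
    drops. Missing or zero samples score 1.0 so nobody is blocked on no data.
    """
    if initial_rtt_us <= 0 or later_rtt_us <= 0:
        return 1.0
    return min(1.0, initial_rtt_us / later_rtt_us)


def is_suspected_proxy(initial_rtt_us: int, later_rtt_us: int,
                       threshold: float = BLOCK_THRESHOLD) -> bool:
    return proxy_score(initial_rtt_us, later_rtt_us) < threshold


def measure_loopback_pair(payload: bytes = b"x" * 1024) -> tuple:
    """Demo on loopback: sample srtt right after accept() and after one round trip."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    cli = socket.create_connection(srv.getsockname())
    conn, _ = srv.accept()
    try:
        initial = socket_srtt_us(conn)          # still the handshake measurement
        cli.sendall(payload)
        conn.recv(len(payload))
        conn.sendall(payload)                   # our data; its ACK updates srtt
        cli.recv(len(payload))
        time.sleep(0.01)                        # let the ACK arrive and be processed
        later = socket_srtt_us(conn)
    finally:
        conn.close()
        cli.close()
        srv.close()
    return initial, later


if __name__ == "__main__":
    if hasattr(socket, "TCP_INFO"):
        first, second = measure_loopback_pair()
        print("initial srtt %d us, later srtt %d us, score %.3f, suspected=%s" % (
            first, second, proxy_score(first, second), is_suspected_proxy(first, second)))
    else:
        print("TCP_INFO not available on this platform")
```

On loopback both samples are a few dozen microseconds and the score sits near 1.0; the interesting case is a real server behind the Internet, where sampling at accept() and again after the first response gives the two numbers the comment refers to. Because tcpi_rtt is a smoothed value, the first sample has to be taken before any data ACKs blend into it.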