Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Intensive Shadowsocks blocking in China since mid-September #16

Open
wkrp opened this issue Oct 10, 2019 · 5 comments
Open

Intensive Shadowsocks blocking in China since mid-September #16

wkrp opened this issue Oct 10, 2019 · 5 comments
Labels

Comments

@wkrp
Copy link
Collaborator

@wkrp wkrp commented Oct 10, 2019

There are reports of a sudden increase in the blocking of Shadowsocks servers accessed from China. It sounds like it begain, suddenly and noticeably, on September 16 or September 17. From what I can gather, servers are getting blocked (by IP address) within about 30 minutes of being connected to from China—but I don't know if that's consistent across all servers, only some of them, or what. I don't really know any specifics.

There are some threads on Reddit /r/shadowsocks:

The shadowsocks-windows issue tracker also may have some discussion, but it's mostly in Chinese and harder for me to judge.

Here's a post about a SOCKS proxy service mentioning increased blocking:

Are any other protocols or circumvention systems being affected, besides Shadowsocks? I looked at the recent Tor metrics from China and I don't see anything significant on September 16. But the number of users of obfs4, which is the pluggable transport most similar to Shadowsocks, was already close to 0, so it's hard to say whether anything changed.

userstats-relay-country-cn-2019-07-01-2019-10-10-off

userstats-bridge-combined-cn-2019-07-01-2019-10-10

Here's a thread from 2017 on a similar topic. And a report also from 2017 that Shadowsocks, Lantern, and Psiphon were affected in October of that year.

@sergeyfrolov

This comment has been minimized.

Copy link

@sergeyfrolov sergeyfrolov commented Oct 10, 2019

I know of at least one way to reliably detect shadowsocks, and I can share the method with you privately.

@ValdikSS

This comment has been minimized.

Copy link

@ValdikSS ValdikSS commented Oct 10, 2019

@sergeyfrolov I'm interested in this information too, if you don't mind.

@fortuna

This comment has been minimized.

Copy link

@fortuna fortuna commented Oct 26, 2019

I have hard evidence of Outline servers being probed on a regular basis around 12-14h after traffic from China starts. We have many users successfully using Outline in China, but also reports of servers being blocked quickly. I’m interested in experimenting and learning more what’s actually happening.

@Ricardocp96

This comment has been minimized.

Copy link

@Ricardocp96 Ricardocp96 commented Oct 27, 2019

@fortuna i have been using outline servers very successfully until mid this September where the server was blocked via ip address after some minutes of connecting. had to create new servers via outline manager but yet again the servers would be detected and blocked

@wkrp

This comment has been minimized.

Copy link
Collaborator Author

@wkrp wkrp commented Dec 29, 2019

A report today says that the recent blocking of Shadowsocks may be because of active probing by the GFW: https://gfw.report/blog/gfw_shadowsocks/ (also here as #22).

However, the capability to active-probe Shadowsocks may be older than 2019-09-16. We had a case in our logs from June/July 2019 that was consistent with the recent active probes. It's possible that the ability to probe Shadowsocks has been in development for a while, but only became widely deployed in mid-September 2019. The evidence is somewhat ambiguous, because as the report says, some Shadowsocks servers were not blocked, despite being probed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.