ss can already be identified by its traffic features; everyone, please run for it #988

Open
ghost opened this issue Oct 10, 2017 · 303 comments

@ShinChven

commented Oct 11, 2017

Machine learning is so scary

@celeron533

commented Oct 11, 2017

Non-academic users can only see the abstract

Author Keywords
detection, shadowsocks, random forest algorithm, machine learning

@cloudzhong

commented Oct 11, 2017

This is terrifying
In our experiment, we verify that it is remarkable effective to apply machine learning into traffic detection. We also conclude that with the scale of train set increase which means the model is more complete, the accuracy rate of detection will also increase. Additionally, with the scale of test set increase, the accuracy rate of detection will also increase. Applying this semi-supervised machine learning algorithm into traffic detection can reduce false alarm rate, false rate and cost when comparing with the same way done artificially.

@huangyanxiong01

commented Oct 11, 2017

Time to develop a new technical solution again

@ShinChven

commented Oct 11, 2017

Could someone get hold of a copy of this paper...

@zequnyu9503

commented Oct 11, 2017

I really can't believe these people. Everyone was using it just fine, so please don't stir up trouble!

@jocover

commented Oct 11, 2017

Looking for the paper

@bochao-liu

commented Oct 11, 2017

@DingkunLiu

commented Oct 11, 2017

The paper is here.
08048116.pdf

@wizardforcel

commented Oct 11, 2017

If those are the features, then we can find a way around them.

I think we could try as far as possible to disguise it as normal HTTP.

@ghost

Author

commented Oct 11, 2017

Use the Pirate Bay of academia.
https://sci-hub.cc/http://ieeexplore.ieee.org/document/8048116/

@fanyinghao

commented Oct 11, 2017

Currently it works normally with kcptun

@IceMimosa

commented Oct 11, 2017

Can it still be rescued?

@xsharp

commented Oct 11, 2017

Only allowing access from fixed IPs might avoid being learned.

@lumen82

commented Oct 11, 2017

To effectively prevent these things happened and to immediately detect and arrest these criminals, it is necessary for us not only to detect and classify the traffic coming from proxy software, but also to respectively mark different suspicious labels to the encrypted traffics with certain features.
Scary

@gwuhaolin

commented Oct 11, 2017

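Everyone can try Lightsocks

  • It is a lightweight network obfuscation proxy based on the SOCKS5 protocol.
  • It uses more efficient algorithms, focuses on getting over the wall, is faster, uses fewer resources, and is written in pure Golang and cross-platform.

@larryisthere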

commented Oct 11, 2017

Can xl2tp still be used with peace of mind?

@ccsexyz

commented Oct 11, 2017

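@gwuhaolin I spent a few minutes looking at your project. It just generates a table of size 256 from the password and then uses this table to transform the bytes in the data stream. At this level it's fine if you use it by yourself, but I don't think it is suitable for large-scale use.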

@pandom2003

commented Oct 11, 2017

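After National Day there was obvious interference from the GFW; because I watched youtube, the IP of my SS server even got blocked. One day after changing the IP it was interfered with again, resulting in SSL handshake time out. After changing the port and password I can get over the wall for now. But I keep feeling it could be blocked at any time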

@gwuhaolin

commented Oct 11, 2017

@ccsexyz

commented Oct 11, 2017

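@gwuhaolin The table is the emperor's new clothes; it only fools yourself.
Compared with shadowsocks, your implementation is only weaker, not stronger, whichever angle you look at it from. Even if you don't care about encryption, is it really fine that the first handshake of the socks5 protocol is not eliminated on each new connection? What's more, simply XORing the data of two connections gives you the XOR of the plaintexts. Using the same table every time means the same plaintext always produces the same ciphertext, and bytes with the same value in the ciphertext must also be the same in the plaintext. Look at which byte values don't change during the socks5 protocol handshake, compare, and it can be detected.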
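
The determinism described in the comment above, as an added example that is not part of the original thread and is not code from Lightsocks or shadowsocks: a fixed byte-substitution table yields identical ciphertext on every connection and preserves which positions hold equal bytes. The table derivation, the password and the SOCKS5 bytes are constructed for illustration.

```python
import hashlib
import random


def make_table(password):
    """Derive a fixed 256-byte permutation from a password.

    Hypothetical derivation, for illustration only.
    """
    seed = hashlib.sha256(password.encode()).digest()
    table = list(range(256))
    random.Random(seed).shuffle(table)
    return bytes(table)


def encode(table, data):
    """Byte-for-byte substitution: no nonce, no per-connection state."""
    return data.translate(table)


def equality_pattern(data):
    """Map each byte to the index of its first occurrence.

    Two strings share a pattern exactly when equal bytes sit in the same
    positions, which a substitution table cannot hide.
    """
    first_seen = {}
    return [first_seen.setdefault(b, i) for i, b in enumerate(data)]


# Constructed client-to-server bytes: SOCKS5 greeting (05 01 00), then a
# CONNECT request for example.com:443.
GREETING = bytes([0x05, 0x01, 0x00])
REQUEST = bytes([0x05, 0x01, 0x00, 0x03, 11]) + b"example.com" + (443).to_bytes(2, "big")
PLAIN = GREETING + REQUEST

TABLE = make_table("constructed-password")
conn_a = encode(TABLE, PLAIN)  # first connection
conn_b = encode(TABLE, PLAIN)  # second connection, same table


def leaks():
    return {
        # Same table, same plaintext: every connection starts identically.
        "identical_across_connections": conn_a == conn_b,
        # The repeated 05 01 00 prefix is still visible as a repeat.
        "repeat_visible": conn_a[0:3] == conn_a[3:6],
        # Positions of equal bytes survive the encoding unchanged.
        "pattern_preserved": equality_pattern(conn_a) == equality_pattern(PLAIN),
    }
```

A cipher with a fresh random nonce or IV per connection makes all three of these checks fail, which is the property the table scheme lacks.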

@ccsexyz

commented Oct 11, 2017

@gwuhaolin I think doing it for your own amusement is no problem, but putting an immature thing out for everyone to use is not so good.

@Antares95

commented Oct 11, 2017

Would it be better if ss's encryption used tls 1.2? After all, that one has been widely tested

@gwuhaolin

commented Oct 11, 2017

@nanyang24

commented Oct 11, 2017

What tools are still usable during the recent crackdown period?

@emacsenli

commented Oct 11, 2017

@Mr-indescribable

commented Oct 11, 2017

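@ccsexyz
Actually, there's no need to agonize over this so much. Whether it is mature is one thing, but whether it is usable is another. In a situation like this, where other people need urgent relief, even a drop in the bucket is good.

Of course, an immature work is not suitable for large-scale use; nobody disputes that.

Another point is whether it is targeted by the GFW.
From this incident we can see that the GFW does apply specific strategies (or, you could say, special attention) to the tools it knows about. For example, port 8388 being wiped out entirely this time.
For an obscure tool that almost nobody knows about, if it behaves differently from the known mainstream tools, then it is fine for a small number of users to use it at least for a short time, even if it is immature.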

@feixingyuanshuke

commented Oct 11, 2017

@Mr-indescribable Hello, may I ask: if port 8388 has been killed, which port is better to use, and how do I change the port?

@ccsexyz

commented Oct 11, 2017

@Mr-indescribable If you really think this tool has value, just use the table encryption of ancient-era ss; it even has fewer features than this tool

@kk580kk

commented Feb 27, 2019

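Tested personally: you can set up a server inside China with haproxy to solve the packet loss problem of directly accessing an overseas proxy point. As long as you find a domestic server with good domestic and international connectivity, you can solve the packet loss and wall problems.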

@godofchina

commented Feb 28, 2019

@wanmei111

commented Feb 28, 2019

Isn't port blocking what's in fashion lately? I guess they realized the collateral damage was too severe and stopped banning IPs directly. Changing ports often should basically be fine; it feels like the past few months have been pretty quiet

Sent from my iPhone

On Feb 27, 2019, at 9:04 AM, ixubin <notifications@github.com> wrote:

Personally, mine has been working all along

Mine is down

@toruksmakto

commented Mar 1, 2019

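Port number 28388 was blocked; after changing the port number it works again, and I don't know whether it will be blocked again. These scum actually block crudely by port number. What if someone needs it for commercial use?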

@ixubin

commented Mar 3, 2019

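Personally, mine has been working all along

I take back what I said; mine has been blocked too. But according to my testing, what they block is the port, not the ip, so in theory it should still work if you switch to another port.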

@yiyingcanfeng

commented Mar 6, 2019

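Personally, mine has been working all along

I take back what I said; mine has been blocked too. But according to my testing, what they block is the port, not the ip, so in theory it should still work if you switch to another port.

I've used mine for almost a year and it was always fine, until these last few days; I've already changed 2 ports. Painful~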

@JungleT

commented Mar 8, 2019

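Personally, mine has been working all along

I take back what I said; mine has been blocked too. But according to my testing, what they block is the port, not the ip, so in theory it should still work if you switch to another port.

I've used mine for almost a year and it was always fine, until these last few days; I've already changed 2 ports. Painful~

I have also already changed two ports recently...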

@McContax

commented Mar 8, 2019

@Bigfoot0007

commented Mar 9, 2019

No way, what got blocked for me was the IP. I can't even access SSH directly. Where is the VPS you are using?

@McContax

commented Mar 9, 2019

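I always feel the wall's angle of identification is quite tricky. For getting over the wall, a traditional "airport" is surely an overseas server that you connect to and get over the wall directly; once user traffic gets large and the number of users gets large, you are basically sentenced to death. But if you add a server inside China with haproxy forwarding, it becomes a single user with large traffic. I have been using this method and have already made it through several years of the Two Sessions. Later I thought about it. I don't think it is that the GFW has the ability to capture packets and then analyze out results. Think about it: what are the basic situations in which we use the foreign internet in daily life? Playing games is continuous low traffic; browsing web pages is high traffic but in bursts; but going over the wall to watch videos is basically sustained high traffic, and if on top of that the access to this address comes from IPs all over the country, it is even more obvious.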

@McContax

commented Mar 9, 2019

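Also, for servers I still recommend Ali's, because its self-inspection mechanism means the GFW will not forcibly deal with its IPs, but how to disguise yourself is up to each of you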

@yiyingcanfeng

commented Mar 9, 2019

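I always feel the wall's angle of identification is quite tricky. For getting over the wall, a traditional "airport" is surely an overseas server that you connect to and get over the wall directly; once user traffic gets large and the number of users gets large, you are basically sentenced to death. But if you add a server inside China with haproxy forwarding, it becomes a single user with large traffic. I have been using this method and have already made it through several years of the Two Sessions. Later I thought about it. I don't think it is that the GFW has the ability to capture packets and then analyze out results. Think about it: what are the basic situations in which we use the foreign internet in daily life? Playing games is continuous low traffic; browsing web pages is high traffic but in bursts; but going over the wall to watch videos is basically sustained high traffic, and if on top of that the access to this address comes from IPs all over the country, it is even more obvious.

No way, what got blocked for me was the IP. I can't even access SSH directly. Where is the VPS you are using?

A node in Los Angeles, USA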

@devon-ge

commented Mar 9, 2019

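To be fair, if the port is blocked, change the port, which is just editing the config file; if the ip is blocked, spin up a new server, and with a one-click deployment script it's a matter of minutes. In this situation, VPSes billed by time have an advantage. I never use VPN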

@Bigfoot0007

commented Mar 10, 2019

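Actually, fully achieving it is not hard; we just need to modify our SS. My idea is:

PC in China --HTTPS--> some ali IP --(HTTPS protocol)--> overseas VPS --> (Google, Youtube...)

That is, just hop twice. Based on the SS source code and how TCP works, this should be doable.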

@ixubin

commented Mar 11, 2019

Currently only the port is blocked, not the ip. I switched to another port and it already works again.

@Soram-jxx

commented Mar 12, 2019

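Personally, mine has been working all along

I take back what I said; mine has been blocked too. But according to my testing, what they block is the port, not the ip, so in theory it should still work if you switch to another port.

Mine has also had two ports blocked, but I don't quite understand what is blocking the port. Can you explain?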

@Aster-the-Med-Stu

commented Mar 13, 2019

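Comrades, the VPS I applied for is the relevant one; I used SS and was warned. After I asked Ali, they said hosts in China are not allowed to access Google, youtube and the like through a Hong Kong VPS. So I ran a test: I had the Hong Kong VPS access youtube directly, with no SS on the VPS. It was still flagged. Therefore this must be Ali's doing.

Remember to remove that pile of Aegis stuff... Same here, Hong Kong Alibaba Cloud, the lightweight tier; after removing it I have had no trouble to this day. @Bigfoot0007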

@fortuna

commented Mar 13, 2019

I put together an EXPERIMENTAL tool that can differentiate a block by IP from a block by port. I hope you find it useful: https://fortuna-outline-connectivity.netlify.com/

It's based on the steps here: https://www.reddit.com/r/outlinevpn/comments/9z9951/steps_to_troubleshoot_access_to_outline_servers/

@luvvien

commented Mar 14, 2019

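Everyone can try outline, produced by Google. ssr has an obfuscation feature and is not easily detected and ip-blocked. One-click ssr setup; I recommend buying a server from the provider in the article (comes with $50 credit)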

@ixubin

commented Mar 15, 2019

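Everyone had better not discuss this in this project. They (the Chinese fascists) will see this page too, and our exchanges will give them clues and thereby further strengthen the Great Firewall's capabilities.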

@luvvien

commented Mar 15, 2019

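Everyone had better not discuss this in this project. They (the Chinese fascists) will see this page too, and our exchanges will give them clues and thereby further strengthen the Great Firewall's capabilities.

Saying that might get you invited to drink tea, haha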

@luvvien

commented Mar 15, 2019

Use the Pirate Bay of academia.
https://sci-hub.cc/http://ieeexplore.ieee.org/document/8048116/

It won't open, buddy. I want to read the original

@ixubin

commented Mar 15, 2019

I have also already had two ports blocked.

@Aster-the-Med-Stu

commented Mar 15, 2019

@luvvien Friendly reminder: API Access Token exposed

sci-hub.cc seems to have been taken down; use sci-hub.tw

@luvvien

commented Mar 15, 2019

@luvvien Friendly reminder: API Access Token exposed

sci-hub.cc seems to have been taken down; use sci-hub.tw

Which one is the api access token?

@hanayashiki

commented Mar 16, 2019

I put together an EXPERIMENTAL tool that can differentiate a block by IP from a block by port. I hope you find it useful: https://fortuna-outline-connectivity.netlify.com/

It's based on the steps here: https://www.reddit.com/r/outlinevpn/comments/9z9951/steps_to_troubleshoot_access_to_outline_servers/

Thank you sir!

@hanayashiki

commented Mar 16, 2019

I put together an EXPERIMENTAL tool that can differentiate a block by IP from a block by port. I hope you find it useful: https://fortuna-outline-connectivity.netlify.com/

It's based on the steps here: https://www.reddit.com/r/outlinevpn/comments/9z9951/steps_to_troubleshoot_access_to_outline_servers/

There is a problem: you seem to use fonts.googleapis.com for your resources, which cannot be accessed from China. Although the page is accessible, the CSS styles are lost. Could you switch to local resources? Thank you.

@asbai

commented May 4, 2019

@McContax Why use HAProxy? For this kind of simple port forwarding, using iptable directly in pure Kernel mode should be the most efficient, shouldn't it?

@McContax

commented May 5, 2019

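@asbai I was only giving an example. I haven't self-hosted a server for a long time. haproxy is the method I tried back when there was no way to use ss on the iPhone: connect to Alibaba Cloud with the built-in vpn and relay ss on Alibaba Cloud, which used haproxy. But my knowledge was limited back then and I just followed tutorials I dug up online. Actually, any kind of forwarding works fine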
