Intensive Shadowsocks blocking in China since mid-September

[wkrp]

There are reports of a sudden increase in the blocking of Shadowsocks servers accessed from China. It sounds like it begain, suddenly and noticeably, on September 16 or September 17. From what I can gather, servers are getting blocked (by IP address) within about 30 minutes of being connected to from China—but I don't know if that's consistent across all servers, only some of them, or what. I don't really know any specifics.

There are some threads on Reddit /r/shadowsocks:

• 2019-09-21 PSA: Vultr confirms "almost if not all servers blocked in China"
• 2019-09-29 Shadowsocks protocol is being detected and blocked in China.

The shadowsocks-windows issue tracker also may have some discussion, but it's mostly in Chinese and harder for me to judge.

• 2019-10-07 No Network in Shadowsocks, long time...

  I was so happy with Shadowsocks until the end of September. I live and work in China and saw Netflix. Nothing works anymore ...

Here's a post about a SOCKS proxy service mentioning increased blocking:

• 2019-09-24 Just My Socks 已默认启用 aes-256-gcm 加密

  Due to the National Day the GFW is currently very aggressive. To mitigate this, we are testing multiple approaches, and we are disabling certain features on servers 2-5.

Are any other protocols or circumvention systems being affected, besides Shadowsocks? I looked at the recent Tor metrics from China and I don't see anything significant on September 16. But the number of users of obfs4, which is the pluggable transport most similar to Shadowsocks, was already close to 0, so it's hard to say whether anything changed.

Here's a thread from 2017 on a similar topic. And a report also from 2017 that Shadowsocks, Lantern, and Psiphon were affected in October of that year.

[sergeyfrolov]

I know of at least one way to reliably detect shadowsocks, and I can share the method with you privately.

[ValdikSS]

@sergeyfrolov I'm interested in this information too, if you don't mind.

[fortuna]

I have hard evidence of Outline servers being probed on a regular basis around 12-14h after traffic from China starts. We have many users successfully using Outline in China, but also reports of servers being blocked quickly. I’m interested in experimenting and learning more what’s actually happening.

[Ricardocp96]

@fortuna i have been using outline servers very successfully until mid this September where the server was blocked via ip address after some minutes of connecting. had to create new servers via outline manager but yet again the servers would be detected and blocked

[wkrp]

A report today says that the recent blocking of Shadowsocks may be because of active probing by the GFW: https://gfw.report/blog/gfw_shadowsocks/ (also here as #22).

However, the capability to active-probe Shadowsocks may be older than 2019-09-16. We had a case in our logs from June/July 2019 that was consistent with the recent active probes. It's possible that the ability to probe Shadowsocks has been in development for a while, but only became widely deployed in mid-September 2019. The evidence is somewhat ambiguous, because as the report says, some Shadowsocks servers were not blocked, despite being probed.