Replies: 11 comments 34 replies
-
It is just an independent case. It would be more helpful if you can provide some of the information about why the port was getting blocked, such as When it was blocked:
|
Beta Was this translation helpful? Give feedback.
-
For those who think the way the server responds to active probing or replay is the cause of blocking, please try https://github.com/database64128/shadowsocks-go with
|
Beta Was this translation helpful? Give feedback.
-
Maybe fast_open is the culprit? TCP Fast Open isn't in widespread use. |
Beta Was this translation helpful? Give feedback.
-
My IP has been blocked for a second time today. (Last time on 19 Aug) I noticed a similar behaviour, immediately before my IP was actually blocked, I started to have trouble accessing https://www.google.com, Firefox started showing PR_CONNECT_RESET_ERROR. However, https://www.google.com.jp or https://www.google.com.au works perfectly fine. (This is not a network congestion issue since my server is connected via CN2 Gia with 0% packet loss) Both time after some kind of connection interference, the IP was blocked. I did have TCP fast open and TCP NODELAY turned on. I also noticed that if I turn off TCP NODELAY, PR_CONNECT_RESET_ERROR will disappear. Don't know if this information can be useful for others... |
Beta Was this translation helpful? Give feedback.
-
加了qtun plugin,今天又开始用ss,看看这次会不会被发现 |
Beta Was this translation helpful? Give feedback.
-
你们没有试过加个白名单么?比如,只允许自己家的Ip连过来。 |
Beta Was this translation helpful? Give feedback.
-
白名单这个我试过了,我讲一下我实现的细节和代码:
整体实现大概就是这样:
曾经的自信之作。 这个别说是主动探测了,这个就算是DDOS都能被丢到黑洞里去。temporary-allow一直是空的,所以所有探测流量都是DROP,只有我想用的时候绕路通过cloudflare访问网页添加临时IP,否则这就是一个空IP。 2022-blake3-aes-256-gcm,完全自用,主要用途就是看youtube的视频,或者github。去年这个时候,没挺过一个星期,IP被认证了3个月,已经被搞怕了。 已经把所有能DROP的流量全DROP了,照旧抵挡不住gfw。我的心态已经输了。 |
Beta Was this translation helpful? Give feedback.
-
The same thing happened yesterday here after running stably for a long time.
|
Beta Was this translation helpful? Give feedback.
-
AEAD encryption, including the 2022-blake3-aes-256-gcm method, provides strong security but doesn’t guarantee invisibility. Using port 3306 (MySQL) might attract attention. Many firewalls identify unusual data on standard ports. It's likely that a DPI (Deep Packet Inspection) system detected abnormal activity on port 3306. |
Beta Was this translation helpful? Give feedback.
-
Change the Port: Use a less obvious port for DPI detection, such as 443 (HTTPS). This makes traffic harder to analyze. |
Beta Was this translation helpful? Give feedback.
-
Fast Open: Consider disabling fast_open as its usage might reveal your activity. |
Beta Was this translation helpful? Give feedback.
-
前几天开始用2022-blake3-aes-256-gcm,用的3306端口,今天早晨发现被墙了。大概只用了1周的时间
AEAD还是没办法解决被发现的问题么?
下面是配置文件
Beta Was this translation helpful? Give feedback.
All reactions