全球主机交流论坛

标题: V.P.N在中国被全面攻破, 中国的高大上防火墙荣誉升级, 好... [打印本页]

作者: zhukai1010 时间: 2015-1-23 14:11
标题: V.P.N在中国被全面攻破, 中国的高大上防火墙荣誉升级, 好...
Foreign 扶墙 service unavailable in China
Great Firewall has been upgraded for cyberspace sovereignty: source
By Cao Siqi
Cyber security analysts on Thursday defended China's Internet management after an overseas 扶墙 (virtual private network) company on Wednesday announced some of its users in China have been unable to use the service since an upgrade of the Great Firewall, China's Internet infrastructure.
Cyber services should observe the network governance of the country for safety, analysts urged.
Astrill claimed in a Wednesday notice that since this year, 扶墙 protocols used on iOS devices, including IPSec, L2TP/IPSec and PPTP, are not accessible in China in almost real-time.
An anonymous service support employee said Thursday that only iOS devices were affected while other devices like Macbook worked fine as they use different protocols.
"It is because of the Great Firewall upgrade, and unfortunately, we can't tell you the exact time [about how long it will last]," said the employee, adding that the company has other solutions.
Many iPhone users were shocked to find that they could not log into their FB and 推特 accounts although they have bought Astrill's 扶墙 service.
Whether to block 扶墙 services and how to block them are closely related to the country's ability of network governance, Qin An, a cyber security expert at the China Institute for Innovation and Development Strategy, told the Global Times Thursday.
"Authorities apparently cannot ignore those services as they affect our cyberspace sovereignty. For instance, a shortcut has to be blocked since it could be used for some ulterior purposes although it might affect others who use it in a right way," said Qin.
A cyber security analyst previously pointed out that companies running a 扶墙 business in China must register with the Ministry of Industry and Information Technology, and unregistered 扶墙 service providers are not protected by Chinese laws.
A free 扶墙 provider fqrouter also said on its official 推特 account on January 8 that the service of fqrouter has officially closed.
Separately, 扶墙 Tech Runo announced on January 5 that many of its IP addresses and users in some areas with L2TP protocol have not been accessible in China since December 31.
"The Great Firewall is blocking the 扶墙 on the protocol level. It means that the firewall does not need to identify each 扶墙 provider and block its IP addresses. Rather, it can spot 扶墙 traffic during transit and block it," one of the founders of an overseas website which monitors the Internet in China told the Global Times Thursday via e-mail.
In recent years, more and more Chinese Net users are seeking alternatives to surf the Internet outside the Great Firewall by using mirror websites or 扶墙s.
Some Astrill 扶墙 users reached by the Global Times Thursday said that the firewall update has also led to a price increase of 扶墙 services. One said Thursday that another 扶墙 service he bought a week ago increased its price by 60 yuan ($9.6) Wednesday to 240 yuan per year.

来源：英文版人民网http://en.people.cn/n/2015/0123/c90882-8840092.html

作者: junhan 时间: 2015-1-23 14:12
可以翻译一下吗，

作者: 雨宫音羽 时间: 2015-1-23 14:13

By Cao Siqi

国人写的。。。

作者: hostvps 时间: 2015-1-23 14:16
假消息，刚才我还泰国V P N登录本站呢

作者: 雨宫音羽 时间: 2015-1-23 14:20
本帖最后由雨宫音羽于 2015-1-23 14:28 编辑

针对L2TP和L2TP/IPSec的干扰早就有了。。

纯L2TP不加密因此连上并访问被墙网站就会被中断连接

L2TP/IPsec同服务器的尝试连接次数到达一定程度也会干扰新连接的握手

这是迟早的事情谁让这些协议特征太明显。。目前的方向都是在往无特征或者伪装特征发展的...
================
看了下来源。。我才发现来源是亮点。。尼玛人民网...

全面被封还不至于虽然现在确实不少老协议都不同程度的不好使了但是还有很多新生协议非常坚挺

作者: 爱国者捣蛋 时间: 2015-1-23 14:22
本帖最后由爱国者捣蛋于 2015-1-23 14:24 编辑

不就是一家卖扶墙的公司的服务器跪了么……这不正常么……
看出错了，不只一家

作者: usa 时间: 2015-1-23 14:59

【中国屏蔽外国扶墙服务！】《环球时报》报道，中国已开始屏蔽外国扶墙服务。扶墙供应商Astrill通知用户，因防火长城升级，使用IPSec、L2TP/IPSec和PPTP协议的设备无法访问它的服务，受影响的主要是iOS设备。中国工信部曾规定，在中国提供扶墙服务的公司必须登记，否则将"不受中国法律的保护"。

复制代码

作者: hostvps 时间: 2015-1-23 15:10

雨宫音羽发表于 2015-1-23 14:20
针对L2TP和L2TP/IPSec的干扰早就有了。。

纯L2TP不加密因此连上并访问被墙网站就会被中断连接

新生的有哪些？

作者: 雨宫音羽 时间: 2015-1-23 15:15

hostvps 发表于 2015-1-23 15:10
新生的有哪些？

SSTP SigmaV.P.N等等。。。

作者: andywxb 时间: 2015-1-23 15:19
用Open的会被干扰，G.F.W.的原则就是我分析不了的就block，反而用不加密的PPTP还很正常，反正不做违法的事，翻翻上上网他们是不会管你的。

作者: 你妈挂辣 时间: 2015-1-23 15:23
提示: 作者被禁止或删除内容自动屏蔽

作者: hostvps 时间: 2015-1-23 15:30

雨宫音羽发表于 2015-1-23 15:15
SSTP SigmaV.P.N等等。。。

SSTP也被干扰了，而且安卓和ios还不能用，SigmaV.P.N很久没有更新了，我感觉ocser架设Cisco AnyConnect（支持Windows, Mac OS X, Linux, Apple iOS, and Android）兼容V P N才是出路

作者: 雨宫音羽 时间: 2015-1-23 15:32

andywxb 发表于 2015-1-23 15:19
用Open的会被干扰，G.F.W.的原则就是我分析不了的就block，反而用不加密的PPTP还很正常，反正不做违法的事 ...

OpenV.PN主要是证书模式时握手有特征，糊掉就完事了

不加密的PPTP。。呵呵....反正不加密的L2TP连U2B都看不了

分析不了的就Block，墙确实有这个暴力模型，但是小范围的使用是触发不了的

另外你PPTP就算能过墙因为协议太明显，到时候被封就不是不能扶墙，整个IP都会给干掉...

作者: 雨宫音羽 时间: 2015-1-23 15:36
本帖最后由雨宫音羽于 2015-1-23 15:38 编辑

hostvps 发表于 2015-1-23 15:30
SSTP也被干扰了，而且安卓和ios还不能用，SigmaV.P.N很久没有更新了，我感觉ocser架设Cisco AnyConnect（ ...

“等等”好东西我才不想说出去。。

SSTP被干扰那么HTTPS就完蛋了，主要是架设的问题吧，例如证书自签名等。也可能是墙的Probe

作者: hostvps 时间: 2015-1-23 15:38

雨宫音羽发表于 2015-1-23 15:36
“等等”好东西我才不想说出去。。

SSTP被干扰那么HTTPS就完蛋了，主要是架设的问题吧，例如证书自签名 ...

443端口被干扰

作者: 雨宫音羽 时间: 2015-1-23 15:42

hostvps 发表于 2015-1-23 15:38
443端口被干扰

目前还没怎么观察到443端口的干扰问题。。

不过我也没架设过SSTP，不喜X软的东西

作者: 恢复自我 时间: 2015-1-23 15:42
为啥我的一直是正常的

作者: rockchen188 时间: 2015-1-24 14:13
最近墙ip不是很正常吗.

作者: Owl 时间: 2015-1-24 14:17
一直不明白国内的扶墙、加速器提供商就没有被封。

作者: 真麻烦 时间: 2015-1-24 16:10
瞎扯吧。一直挂着pptp都很正常。

作者: xiasl 时间: 2015-1-24 17:15
用S5被拦截的可能性很低的。

作者: hongwei 时间: 2015-1-24 17:16
连不上了

作者: ali727 时间: 2015-1-24 17:35

andywxb 发表于 2015-1-23 15:19
用Open的会被干扰，G.F.W.的原则就是我分析不了的就block，反而用不加密的PPTP还很正常，反正不做违法的事 ...

你签名无法打开。

作者: andywxb 时间: 2015-1-24 18:08

ali727 发表于 2015-1-24 17:35
你签名无法打开。

因为国内网络封掉了，要用https才可以了，晚点要全站修改为https了，真是烦啊。

作者: flylight 时间: 2015-1-24 18:56
现在还有哪些是坚挺的？

欢迎光临全球主机交流论坛 (https://443502.xyz/)