Hello, On 08/15/2012 11:20 PM, Jacob Appelbaum wrote: > Eric S Johnson: >> Yes-they stopped doin packet inspection in about 2008, near as I can tell. > > Philipp Winter and Stefan Lindskog's work from FOCI demonstrates their > deep packet inspection is current and ongoing: > > https://www.usenix.org/conference/foci12/how-great-firewall-china-blocking-tor
Reading quickly this paper's paragraph regarding obfsproxy and the fact that the GFC sends a spoofed RST to the client (Chinese-side) in order to make it disconnect from the obfsproxy-tor bridge, it makes me remember what a friend of mine told me he was doing when he was in China some time ago: he had a VPN which got disconnected with this same spoofed RST technique, and he just added an iptables rule to block RST packets coming from his VPN endpoint's IP, and it works. It's a bit dirty but apparently gave a satisfactory result. Sorry is this contribution is totally useless :) KheOps
_______________________________________________ liberationtech mailing list [email protected] Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
