undefined | Better HN

0 pointskccqzy8mo ago0 comments

Tunneling via SSH (ssh -D) is super easy to detect. The government doesn't need any sophisticated analysis to tell SSH connections for tunneling from SSH connections where a human is typing into a terminal.

Countries like China have blocked SSH-based tunneling for years.

It can also block sessions based on packet sizes: a typical web browsing session involves a short HTTP request and a long HTTP response, during which the receiving end sends TCP ACKs; but if the traffic traffic mimics the above except these "ACKs" are a few dozen bytes larger than a real ACK, it knows you are tunneling over a different protocol. This is how it detects the vast majority of VPNs.

0 comments

mnw21cam8mo ago

One alternative would be to set up a VPS, run VNC on it, run your browser on that to access the various web sites, and connect over an SSH tunnel to the VNC instance. Then it actually is an interactive ssh session.

galaxy_gas8mo ago

Anything more then small text bandwidth use is also detected . Not about interactivity instead this case

beeflet8mo ago

You could just run links or some text-based browser on the other side.

Perhaps you could also write a script that would mimic typing over the link.

Havoc8mo ago

>Tunneling via SSH (ssh -D) is super easy to detect.

Mind elaborating on a how level how they'd distinguish? Just volume of it?

kccqzyOP8mo ago

More like ML classification based on packet sizes and time deltas.

j / k navigate · click thread line to collapse