top | item 37074473 (no title) Multrex | 2 years ago Can someone ELI5 how they identify VPN at the protocol level? discuss order hn newest ytch|2 years ago For the case in China, they use statistics, entropy of packets (may not an accurate term) and other DPI-like methods[1],also HN discussions of it[2]:[1] https://gfw.report/publications/usenixsecurity23/en/[2] https://news.ycombinator.com/item?id=36531485 vbezhenar|2 years ago DPI. Popular VPN protocols are easily identified by first connection packet signature. littlestymaar|2 years ago Wasn't Wireguard explicitly designed to avoid that? (IIRC it took lots of inspiration from state of the art data exfiltration methods used by malware) load replies (4) inrussianow|2 years ago INAE, but I think they sniff the initial handshake the protocols have and then drop subsequent packets.
ytch|2 years ago For the case in China, they use statistics, entropy of packets (may not an accurate term) and other DPI-like methods[1],also HN discussions of it[2]:[1] https://gfw.report/publications/usenixsecurity23/en/[2] https://news.ycombinator.com/item?id=36531485
vbezhenar|2 years ago DPI. Popular VPN protocols are easily identified by first connection packet signature. littlestymaar|2 years ago Wasn't Wireguard explicitly designed to avoid that? (IIRC it took lots of inspiration from state of the art data exfiltration methods used by malware) load replies (4)
littlestymaar|2 years ago Wasn't Wireguard explicitly designed to avoid that? (IIRC it took lots of inspiration from state of the art data exfiltration methods used by malware) load replies (4)
inrussianow|2 years ago INAE, but I think they sniff the initial handshake the protocols have and then drop subsequent packets.
ytch|2 years ago
also HN discussions of it[2]:
[1] https://gfw.report/publications/usenixsecurity23/en/
[2] https://news.ycombinator.com/item?id=36531485
vbezhenar|2 years ago
littlestymaar|2 years ago
inrussianow|2 years ago