Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
F
F
FEDKOTV2018-12-29 16:23:59
Computer networks
FEDKOTV, 2018-12-29 16:23:59

The provider is blocking access to the site, help me?

It's been almost a year now that my country has been blocking access to several sites, and since the provider belongs to the state, he finds excuses in the form of problems on the side of the resources themselves. For a year now, residents of the country have been trying to access sites by downloading various VPN applications on their smartphones or browser extensions, thereby cluttering up their devices.
And in search of getting rid of this ailment, I dared to go against the provider and decided to download an application for traffic analysis on my phone - PacketCapture. I installed the program, after - the proposed certificate, then allowed me to create a VPN connection for sniffing, started sniffing traffic for chrome and ... Oh my god! I have earned a resource! I decided to check the IP, but no, everything is in place.
I decided to go through the off application of the resource - unfortunately it did not work here. But on the other hand, I got a probable error in PacketCapture, which the site issues when accessing it - that was HTTP 204 No content.
A problematic resource is a foreign YouTube, Facebook and several other sites. But the first two are in demand in my country.
Poryskav in Habré found a topic about DPI, but did not get to the bottom of it. there is no PC at hand, only a rooted android, and it was not possible to implement the manipulations that are described in the article.
I ask you to give me some advice on where to look, I ask the enlightened to tell me how it turned out that, as I understand it, the local VPN allowed me to surf on a resource blocked at the provider level.
As I understand it, I'm on the right track since I was able to achieve such (well, in my case) success. How to continue, how to bring it to perfection in order to finally resolve the current situation with this ghostly Internet censorship.
Ghostly - because no one wants to say why the sites are blocked.
Thanks in advance to all unsubscribed
PS When you log in to the YouTube site normally, the browser receives a response from the server - 204 No content. Similarly, through the native
PPS application. Of course, VPN services resolve the situation, but still I wanted to resolve the issue in such a way that I would turn it on and forget it, or at least not install a bunch of VPN applications that, by the way, the provider willingly blocks and exposes itself innocent again.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
A
athacker, 2018-12-30
@FEDKOTV

1) "Why did it happen" - most likely, your provider uses a blocking scheme with analysis of the request from the client, and if the resource is from the block list, then a TCP RST packet is sent to the client, after which the client application closes the connection. Then a real response comes from the site, but since the site is farther than the provider's equipment, by this moment the situation is as follows: the client received a fake TCP RST packet from the DPI system, supposedly from the site to which he accessed; the client dropped the connection; the incoming response from the site is simply rejected by the client system, because from the point of view of the system, it does not apply to any of the established connections.
After enabling the local VPN connection to intercept all traffic for analysis, it is most likely that the fake TCP RST from DPI to the client is dropped by the application. I briefly looked at the description of PacketCapture, it seems like even changes to transit packets can be made according to a template, so it may well be that either a mechanism is provided for ignoring supposedly fake TCP RSTs, or this is a side effect of some other PacketCapture functionality.
2) What to do to make everything work - here you have already been explained. VPS outside the controlled perimeter, followed by setting up Internet access through this VPS. Implementation options - darkness. These are VPN, and raised SSH tunnels that proxy the port of some Squid to the client, and sshuttle, and much, much more.

Report
C
CityCat4, 2018-12-29
@CityCat4

the simplest and most secure way is VPS in Europe and VPN before it. The provider can block in a variety of ways - from banal DNS spoofing (as my provider does) to bumping everything in the world and spoofing packets going in the "wrong" direction.
In order not to understand all this, a VPS is taken, a VPN is installed - and voila. For private VPNs, they don’t charge for the gills yet. Till. (Well, I'm talking about Russia, as in other countries I don't know)

Report
V
Vadim Andreevich, 2019-01-03
@VaInDis

A VPN is here to help, oh young padawan. ;)

Similar questions
M
michydev2020-03-25 19:19:42
Should a layout designer write logic, such as a currency exchange calculator? 7Reply
W
winbackgo2017-08-23 13:21:26
Proxmox - how to add an additional public ip from another visit? 1Reply
N
Nikolay2017-08-26 08:46:03
How to set up usb modem zte mf710m? 2Reply
Z
zergon3212017-08-27 14:47:33
Why doesn't self-written tracert work? 1Reply
D
Danil Andreev2017-08-28 12:13:49
How to understand what equipment the provider uses in the house? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question