分类| 翻墙播报

关于GFW审查eD2k协议的相关内容汇总

不知道大家有没发现,近这一两年来eMule连接eD2k服务器非常困难?
没错,那是因为eD2k协议遭到的GFW的干扰和封锁!

昨天的文章 https://plus.google.com/100358287882745531104/posts/graVczcZeN7 已经介绍过GFW拦截具备迷惑协议的连接,目的就是要审查eMule与其连接的eD2k服务器之间的通讯。
经 +Ryan Wu 提醒测试了下,发现一个令人遗憾的事实: GFW已经具备对eMule搜索关键词的审查了……

以下是测试报告:


图 中1所示,客户端向服务器端 filex-lport/1887端口 发送搜索文件的请求,图中3所示是传送的内容:e3:0a:00:00:00:16:01:06:00:e6:b5:8b:e8:af:95 ,其中 e6:b5:8b:e8:af:95 是“测试”的UTF-8的十六进制编码,显然“测试”是敏感词之一;
留意图中3所示,20ms后马上收到3个RST包: SEQ1+1460=SEQ2+2920=SEQ3 ,确认是GFW发送的伪造数据包,而这3个数据包是从 filex-lport/1887端口 发送过来的, 可以确定是GFW针对上述文件搜索查询而进行的重置
也就是说,eMule客户端使用迷惑协议连接至境外服务器时会立即被GFW重置连接,迫使客户端使用普通连接重新连接境外服务器;而此时若客户端向境外服务器发送文件搜索查询,GFW会审查搜索的关键词,若发现存在敏感词则马上将连接重置,从而使客户端无法得到搜索结果。
所以eMule里文件搜索最后一根救命稻草就是Kad网络了……

以下是部分对应时间轴的日志:
01:15: 正连接到 UsenetNL.biz No1 (91.225.136.126:1887 – 支持迷惑协议) …
01:16: 连接到[Server],发送登陆请求
01:16: [Server]可能到达最大客户连接数了(被GFW连接重置迷惑协议握手)
01:16: 正在连接到[Server]…
01:16: 连接到[Server],发送登陆请求
01:18: 连接建立于:[Server](客户端与服务器建立普通连接)
01:18: received an IP: ……, NAFC-Adapter will be checked
01:18: 新的客户ID为 ……
01:24: 失去与[Server]的连接(搜索敏感词,GFW重置客户端与服务器的连接)

eMule-Keyword-RESET-Bag

这个帖子的作者是:

- who has written 713 posts on 翻墙ok.


联系作者

2 Responses to “关于GFW审查eD2k协议的相关内容汇总”

Trackbacks/Pingbacks

  1. […] 原文:http://fqok.org/?p=3176 获取最新穿墙软件?请发电邮(最好用gmail)到:cdtcaonima@gmail.com。《中国数字时代》开通IPv6,欢迎穿墙阅读。翻越防火长城,你可以到达世界上的每一个角落。(Across the Great Firewall, you can reach every corner in the world.)翻墙利器赛风3下载地址: http://dld.bz/caonima326 […]

  2. […] 失去与[Server]的连接(搜索敏感词,GFW重置客户端与服务器的连接) 原文:http://fqok.org/?p=3176 Author Xiao NiuPosted on September 3, […]


Leave a Reply


Verify Code   If you cannot see the CheckCode image,please refresh the page again!
advert

年历

2018年四月
« 3月    
 1
2345678
9101112131415
16171819202122
23242526272829
30  

友好链接

PHVsPjxsaT48c3Ryb25nPndvb19hZF9pbWFnZV8xPC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tL2Fkcy93b290aGVtZXMtMTI1eDEyNS0xLmdpZjwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX2ltYWdlXzI8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb20vYWRzL3dvb3RoZW1lcy0xMjV4MTI1LTIuZ2lmPC9saT48bGk+PHN0cm9uZz53b29fYWRfaW1hZ2VfMzwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbS9hZHMvd29vdGhlbWVzLTEyNXgxMjUtMy5naWY8L2xpPjxsaT48c3Ryb25nPndvb19hZF9pbWFnZV80PC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tL2Fkcy93b290aGVtZXMtMTI1eDEyNS00LmdpZjwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX21wdV9hZHNlbnNlPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29fYWRfbXB1X2Rpc2FibGU8L3N0cm9uZz4gLSBmYWxzZTwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX21wdV9pbWFnZTwvc3Ryb25nPiAtIGh0dHA6Ly9mcW9rLm9yZy8zMDB4MjUwYS5qcGc8L2xpPjxsaT48c3Ryb25nPndvb19hZF9tcHVfdXJsPC9zdHJvbmc+IC0gaHR0cDovL2Zxb2sub3JnPC9saT48bGk+PHN0cm9uZz53b29fYWRfdG9wX2Fkc2Vuc2U8L3N0cm9uZz4gLSA8L2xpPjxsaT48c3Ryb25nPndvb19hZF90b3BfZGlzYWJsZTwvc3Ryb25nPiAtIHRydWU8L2xpPjxsaT48c3Ryb25nPndvb19hZF90b3BfaW1hZ2U8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb20vYWRzL3dvb3RoZW1lcy00Njh4NjAtMi5naWY8L2xpPjxsaT48c3Ryb25nPndvb19hZF90b3BfdXJsPC9zdHJvbmc+IC0gaHR0cDovL2Zxb2sub3JnPC9saT48bGk+PHN0cm9uZz53b29fYWRfdXJsXzE8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb208L2xpPjxsaT48c3Ryb25nPndvb19hZF91cmxfMjwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbTwvbGk+PGxpPjxzdHJvbmc+d29vX2FkX3VybF8zPC9zdHJvbmc+IC0gaHR0cDovL3d3dy53b290aGVtZXMuY29tPC9saT48bGk+PHN0cm9uZz53b29fYWRfdXJsXzQ8L3N0cm9uZz4gLSBodHRwOi8vd3d3Lndvb3RoZW1lcy5jb208L2xpPjxsaT48c3Ryb25nPndvb19hZHNfcm90YXRlPC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19hbHRfc3R5bGVzaGVldDwvc3Ryb25nPiAtIGxpZ2h0Ymx1ZS5jc3M8L2xpPjxsaT48c3Ryb25nPndvb19hdXRob3I8L3N0cm9uZz4gLSBmYWxzZTwvbGk+PGxpPjxzdHJvbmc+d29vX2F1dG9faW1nPC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19jYXJvdXNlbF9oZWlnaHQ8L3N0cm9uZz4gLSAyNzA8L2xpPjxsaT48c3Ryb25nPndvb19jdXN0b21fY3NzPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29fY3VzdG9tX2Zhdmljb248L3N0cm9uZz4gLSA8L2xpPjxsaT48c3Ryb25nPndvb19mZWF0X2VudHJpZXM8L3N0cm9uZz4gLSA2PC9saT48bGk+PHN0cm9uZz53b29fZmVhdHVyZWRfY2F0ZWdvcnk8L3N0cm9uZz4gLSBTZWxlY3QgYSBjYXRlZ29yeTo8L2xpPjxsaT48c3Ryb25nPndvb19mZWVkYnVybmVyX2lkPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29fZmVlZGJ1cm5lcl91cmw8L3N0cm9uZz4gLSA8L2xpPjxsaT48c3Ryb25nPndvb19nb29nbGVfYW5hbHl0aWNzPC9zdHJvbmc+IC0gPC9saT48bGk+PHN0cm9uZz53b29faG9tZTwvc3Ryb25nPiAtIHRydWU8L2xpPjxsaT48c3Ryb25nPndvb19ob21lX3RodW1iX2hlaWdodDwvc3Ryb25nPiAtIDEwOTwvbGk+PGxpPjxzdHJvbmc+d29vX2hvbWVfdGh1bWJfd2lkdGg8L3N0cm9uZz4gLSAxMDA8L2xpPjxsaT48c3Ryb25nPndvb19pbWFnZV9zaW5nbGU8L3N0cm9uZz4gLSB0cnVlPC9saT48bGk+PHN0cm9uZz53b29fbG9nbzwvc3Ryb25nPiAtIDwvbGk+PGxpPjxzdHJvbmc+d29vX21hbnVhbDwvc3Ryb25nPiAtIGh0dHA6Ly93d3cud29vdGhlbWVzLmNvbS9zdXBwb3J0L3RoZW1lLWRvY3VtZW50YXRpb24vZ2F6ZXR0ZS1lZGl0aW9uLzwvbGk+PGxpPjxzdHJvbmc+d29vX3Jlc2l6ZTwvc3Ryb25nPiAtIGZhbHNlPC9saT48bGk+PHN0cm9uZz53b29fc2hvcnRuYW1lPC9zdHJvbmc+IC0gd29vPC9saT48bGk+PHN0cm9uZz53b29fc2hvd19jYXJvdXNlbDwvc3Ryb25nPiAtIHRydWU8L2xpPjxsaT48c3Ryb25nPndvb19zaG93X3ZpZGVvPC9zdHJvbmc+IC0gZmFsc2U8L2xpPjxsaT48c3Ryb25nPndvb19zaW5nbGVfaGVpZ2h0PC9zdHJvbmc+IC0gMTgwPC9saT48bGk+PHN0cm9uZz53b29fc2luZ2xlX3dpZHRoPC9zdHJvbmc+IC0gMjUwPC9saT48bGk+PHN0cm9uZz53b29fdGFiczwvc3Ryb25nPiAtIGZhbHNlPC9saT48bGk+PHN0cm9uZz53b29fdGhlbWVuYW1lPC9zdHJvbmc+IC0gR2F6ZXR0ZTwvbGk+PGxpPjxzdHJvbmc+d29vX3VwbG9hZF9jdXN0b21fZXJyb3JzPC9zdHJvbmc+IC0gYTowOnt9PC9saT48bGk+PHN0cm9uZz53b29fdXBsb2FkX2Vycm9yczwvc3Ryb25nPiAtIGE6MDp7fTwvbGk+PGxpPjxzdHJvbmc+d29vX3ZpZGVvX2NhdGVnb3J5PC9zdHJvbmc+IC0gU2VsZWN0IGEgY2F0ZWdvcnk6PC9saT48L3VsPg== //