I think there would be thousands of hackers who're working from Mainland China. So, I'm wondering how you could get through the GFW?<p>I know that the GFW has been upgraded recently, and it has become more sophisticated in filtering the web. Tor nodes, lots of VPN networks, as well as SSH don't work now.<p>I (or we) would appreciate it if someone here could come up with a good and reliable solution.
My brother was in Beijing for the summer, and he said the SSH tunnel I set up for him worked fine. It's possible that things have changed in the couple months since he's left, but I'd be surprised ...<p>If you want to go really overboard, tunnel IP over DNS, ICMP, or some other common protocol ;-) (e.g. <a href="http://thomer.com/howtos/nstx.html" rel="nofollow">http://thomer.com/howtos/nstx.html</a>)
Tor still works fine -- you just need to configure it to use bridges. <a href="https://www.torproject.org/bridges" rel="nofollow">https://www.torproject.org/bridges</a>
They're blocking VPN and SSH even on non-standard ports?<p>Don't know much about the Great Firewall, but I usually keep an SSH server listening on port 80 on a box; sometimes those hotels and company networks don't let anything other than port 80 outbound, and it has yet to fail me.
Once a new method is found, people will flood to it, then it will be noticed, and banned. Since the GFW was created, this process has happened repeatedly. So IMHO, there's no silver bullet.
I use witopia.net - great service - but make sure you get the more expensive ssl package (and play around trying the various nodes). As others have said, it is truly the best $60 bucks I've ever spent if you're a frequent traveler in China. I use it to watch hulu, youtube, facebook, etc. Sometimes it's a bit slower than I'd like but I often find that using it I can get foreign sites faster than even going direct.
OpenVPN + NAT.<p>Unlike most VPN technologies which rely on additional encapsulation in Layer 3/4 like GRE and IPSec (which have signatures that can be filtered out easily without deep packet inspection), OpenVPN works over userspace TUN/TAP drivers and a UDP transport. So, it just looks like plain old application-layer UDP traffic. The standard port it uses (1194) can be changed easily.<p>Although not impossible, it would be very hard to block something like that without catching in the same rules many other ordinary applications that use UDP, such as most online games, Skype, etc.<p>It does, however, require that you tunnel to a concentrator outside the GFW.
A lot of feedback from kind hackers; I can only conclude that there is no silver bullet.<p>Though I think the best work-around is hosting a server outside of mainland China, and then tunneling through SSH or VPN. An EC2 might work here, but I've not tested it. If someone has tested it, please share your hacking with us.<p>Thanks all.
All bypass methods can be categorized into two:<p>1. Methods that require a 3rd-party server<p>2. Methods that do NOT require a 3rd-party server<p>Currently mainland underground hackers focus on methods #2, and as far as I know 3 POCs work fine through GFW on OSI level 3, 4, and 7, unless the target is an IP ban.
I thought the GFW worked by sending a RST to any TCP connection that it didn't like. If you ignore the RST then the connection goes ahead. Has that changed?<p><a href="http://www.cl.cam.ac.uk/~rnc1/talks/060628-Ignoring.pdf" rel="nofollow">http://www.cl.cam.ac.uk/~rnc1/talks/060628-Ignoring.pdf</a>
Just read a recent blog post about this:<p><a href="http://zygote.egg-co.com/5-interesting-facts-about-the-internet-in-china/" rel="nofollow">http://zygote.egg-co.com/5-interesting-facts-about-the-inter...</a>