Hacker News new | past | comments | ask | show | jobs | submit | leo250's comments login

“You can always be thinner, look better”


Hello I’m from Russia. And yes, local authorities started blocking telegram IPs. It doesn’t work without proxy/vpn.


Their DPI is so dumb that it can be easily bypassed just by editing `Host` to `HOst` in http header. BTW ipv6 adresses are not blocked.


What does that even mean? Every ISP has it's own filtering system, some (or maybe even most of them) are custom built ones. There is no such thing as single government approved DPI.


Wait, assuming they're using TLS and certificate-pinning, the DPI shouldn't be able to read the HTTP headers at all. How does that work?


That’s right, but basically dpi sends tcp reset in case of https or 302 redirect in case of http before target server response, since it’s located nearer. There’s a tool to bypass this, so you can read more there. https://github.com/ValdikSS/GoodbyeDPI


If I'm not mistaken use of SNI reveals the target in plain text, big discussion these days with DNS over TLS etc.


Not all ISPs even have DPI, small ones just block IPs


It's not possible to comply with RKN's requirements by banning IPs for quite a long time already.


In my case, proxy alone doesn't help. It only works with VPN now :(.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: