#翻译1:墙国封网的三种主要手段
节选自:VPNs & Internet in China: Everything you need to know
The Internet blocking/censorship issues
封网和审查问题
As if slow Internet wasn’t enough, get to know what’s even worse: the censorship.
在墙国运营商降低网速还不是最坏的问题,最糟糕的应该是网络审查问题。
DNS censorship
DNS审查
DNS requests are censored by the ISP monopoly using a method called hijacking (or poisoning), resolving “blocked” hostnames into non-relevant IP addresses.
网络运营商三巨头用一种叫做DNS劫持(或称之为投毒)的方法来审查DNS请求。
For example, a DNS lookup for a VPN service in USA resolves to some IP address in Mexico.
比方说,墙国的一个DNS服务器会把一个去美国的vpn服务器的请求解析成一些墨西哥的ip地址。
They aren’t blocking the DNS requests, meaning that you can still try to use various DNS services you want, but the replies coming from the DNS service are hijacked on-the-fly for the “blocked” domains/hostnames.
墙国并没有屏蔽DNS请求,意思是你依然可以使用大量你想用的DNS服务器,但是来自这些服务器的回复如果属于黑名单上的,就会被GFW随手劫持。
IP addresses blocking
封IP地址
When the DNS blocking is not fully effective, as people can use the IP addresses of blocked websites instead of DNS names (for example you access the IP address of a website directly instead of querying the DNS name of the website), the Great Firewall will block IP addresses.
当然DNS投毒还封不完全,因为墙国人还可以用被墙域名的IP地址进行直接访问,这个时候GFW就会直接封IP.
This type of blocking is common with VPN, Tor and proxy servers.
这种屏蔽手段经常出现在对VPN,tor,以及网络代理服务上。
Protocol blocking
封网络协议
The Great Firewall is using a method called DPI (Deep Packet Inspection) to analyze all inbound and outbound traffic in real-time.
GFW正在用一种名为深度包检测的办法来实时分析所有进出的流量。
The technology can be compared to an anti-virus, which relies on signatures and heuristic/behavior and statistic analysis to identify and flag protocols that are not allowed.
这种技术有点像是一种反病毒系统,它依赖于签名、启发式行为以及统计的方法来确定或标记一些不被允许的协议。
VPN protocols are using encryption to secure the data transmitted over the Internet, and the DPI system can identify and block most types of VPN tunneling protocols.
VPN利用加密技术来保证数据安全的进行网络传输,而深度包监测可以识别并屏蔽绝大多数的VPN协议。
The most affected VPN protocol in China is OpenVPN in its default configuration.
在墙国最受影响的VPN协议是默认配置下的OpenVPN协议。
OpenVPN can still bypass the Great Firewall if its handshake is hidden so it can’t be seen and blocked by the GFC.
不过OpenVPN协议依然可以绕过GFW的审查,如果其在握手环节进行隐藏和伪装的话。(注:例如Express,以及vypr的变色龙技术,2018年一月依然有效)
Other VPN protocols that still work in China quite well are PPTP and L2TP/IPsec.
另外PPTP以及L2TP/IPsec协议依然在墙国表现不错。(注:这是2014年,12月的文章)
expressvpn
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://vpnreviewer.com/internet-vpn-china