Hacker News

How would one get around this if they found themselves in such a situation?


In this exact scenario, just use ports other than :443

But GFW certainly had the capability to block all ports. So no one really knew.


Well, for starters, recreate the situation and test out different approaches. Thanks to the detailed analysis, that can be attempted.

If I understand right, a good next step would be to use eBPF or some type of proxy to ignore the forged RST+ACK at the beginning.

Then it would come to testing whether sending a bunch of ACK packets, perhaps with sequence numbers that, when reconstructed, could complete the handshake, works. Try sending them alongside the SYN+ACK, or even before it if it can be predicted. Maybe try sending some packets with sequence id 0 as well to see what happens.
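The comment above assumes you can tell the injected RST+ACK apart from a genuine one. The following is an added example (not code from anyone in this thread) of how a defender analysing a capture might flag a reset that looks injected, using two assumed heuristics: a RST that the peer itself contradicts by continuing the handshake, and a RST whose IP TTL differs from that peer's other segments. The capture data is constructed, and the addresses and TTL values are placeholders.

```python
"""Added example: spotting a likely injected RST+ACK in a captured TCP handshake.

Constructed data, not from the thread. The heuristics are assumptions:
a RST that is immediately contradicted by a SYN+ACK from the same peer,
or that carries a different IP TTL than that peer's other segments,
is more likely to have come from a middlebox than from the peer.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    t: float            # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # TCP flag names, e.g. frozenset({"SYN", "ACK"})
    seq: int
    ack: int
    ttl: int            # IP TTL as observed at the capture point


def _flow_key(s):
    """Direction-independent 4-tuple so both halves of a flow share a bucket."""
    a = (s.src, s.sport)
    b = (s.dst, s.dport)
    return (a, b) if a <= b else (b, a)


def find_suspect_resets(segments):
    """Return [(segment, [reasons])] for RST segments that look injected."""
    flows = defaultdict(list)
    for s in sorted(segments, key=lambda s: s.t):
        flows[_flow_key(s)].append(s)

    findings = []
    for segs in flows.values():
        syn = next((s for s in segs if s.flags == frozenset({"SYN"})), None)
        if syn is None:
            continue  # only client-initiated handshakes are analysed here
        # Everything that claims to come from the peer we sent the SYN to.
        from_peer = [s for s in segs if s.src == syn.dst and s.sport == syn.dport]
        for s in from_peer:
            if "RST" not in s.flags:
                continue
            reasons = []
            # RFC 793: in SYN-SENT a RST is only acceptable if its ACK covers our SYN.
            if "ACK" in s.flags and s.ack != syn.seq + 1:
                reasons.append("ack does not acknowledge our SYN")
            # A real peer does not reset the connection and then keep handshaking.
            if any("SYN" in o.flags and "ACK" in o.flags and o.t > s.t for o in from_peer):
                reasons.append("peer continued handshake after RST")
            # An injected segment usually travels a different path length than
            # the peer's own segments, which shows up as a different TTL.
            other_ttls = {o.ttl for o in from_peer if "RST" not in o.flags}
            if other_ttls and s.ttl not in other_ttls:
                reasons.append(f"ttl {s.ttl} differs from peer ttl(s) {sorted(other_ttls)}")
            if reasons:
                findings.append((s, reasons))
    return findings


# Constructed capture (placeholder addresses and TTLs).
CAPTURE = [
    # flow A: SYN answered first by a reset, then by the genuine SYN+ACK
    Segment(0.000, "10.0.0.5", 51000, "203.0.113.10", 443, frozenset({"SYN"}), 1000, 0, 64),
    Segment(0.012, "203.0.113.10", 443, "10.0.0.5", 51000, frozenset({"RST", "ACK"}), 0, 1001, 47),
    Segment(0.085, "203.0.113.10", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"}), 7777, 1001, 52),
    # flow B: a closed port answering with an ordinary RST+ACK (nothing suspicious)
    Segment(1.000, "10.0.0.5", 51001, "203.0.113.20", 8443, frozenset({"SYN"}), 2000, 0, 64),
    Segment(1.040, "203.0.113.20", 8443, "10.0.0.5", 51001, frozenset({"RST", "ACK"}), 0, 2001, 52),
]


def suspect_ttls(segments=CAPTURE):
    """TTLs of the resets flagged in a capture; handy for quick checks."""
    return [s.ttl for s, _ in find_suspect_resets(segments)]


if __name__ == "__main__":
    for seg, why in find_suspect_resets(CAPTURE):
        print(f"t={seg.t:.3f} {seg.src}:{seg.sport} RST -> {', '.join(why)}")
```

Run against the constructed capture, only the reset in flow A is reported: the peer answered the same SYN with a SYN+ACK 73 ms later, and that SYN+ACK arrived with a different TTL. The reset in flow B, the normal answer from a closed port, has nothing to contradict it and is left alone. On real traffic the TTL heuristic needs a per-peer baseline and tolerance for route changes, so treat these checks as triage signals, not proof.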


> ignore the forged RST+ACK

See "Ignoring the Great Firewall of China" (2006). That won't work if the RST/ACK was injected to both sides.

> Then it would come to testing whether sending a bunch of ACK packets, perhaps with sequence numbers that, when reconstructed, could complete the handshake, works. Try sending them alongside the SYN+ACK, or even before it if it can be predicted. Maybe try sending some packets with sequence id 0 as well to see what happens.

This is an interesting approach already being utilized, namely TCB desync. But currently most people tend to buy VPN/proxy services rather than studying this.


I've been using Astrill to bypass the GFW for almost a decade. It's a bit expensive, but worth it.



