Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Copper9 Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
How to bypass ISP censorship
(section)
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= How Online Content is Blocked = Internet blocks are multi-layered systems and not simple on/off switches. Bypassing them is similar to a cat-and-mouse game. Filtering mechanisms primarily include: ; DNS Filtering / Poisoning / Hijacking : The censor intercepts requests to resolve a domain name and either returns no answer or a false IP address. This is the simplest and most common form of blocking, but also the easiest to bypass in some cases. To bypass it, a third party (not from your ISP) DNS server should be used with a DNS protocol supporting encryption like DNS over HTTPS. If blocks are still in place, your ISP may be using DPI. ; Deep Packet Inspection (DPI) : This is a more advanced method. State-level “middle boxes” (like Russia's TSPU or China's Great Firewall (GFW)) actively inspect the content of unencrypted (or encrypted for their own certificate authority) traffic. For encrypted traffic, they inspect the “metadata,” such as the Server Name Indication (SNI) in a TLS handshake. The SNI field, which states the domain you are visiting, is unencrypted and provides a simple way for censors to identify and block HTTPS connections. Bypassing this requires specialized programs. If blocks are still in place, your ISP may be using IP blacklisting. ; IP Blacklisting : The censor blocks all network traffic to and from known IP addresses associated with a “forbidden” service (e.g., a VPN provider's servers or a specific website). Bypassing this is harder and requires connecting to a proxy/VPN server that doesn't have these restrictions. This can create a chicken-and-egg problem, like a proxy/VPN service being IP blocked but needing a proxy/VPN to bypass it. ; Protocol Filtering : The DPI system is configured to identify and block the “fingerprints” of circumvention protocols themselves. Standard OpenVPN and WireGuard traffic is easily identifiable and is a primary target for blocking. Ports of commonly used protocols can be blocked too (e.g., port 51820 can be blocked to prevent a WireGuard connection if there are no alternative ports). The tools in this list are all solutions to one or more of these methods. They either: # Manipulate packets at a low level to confuse the DPI, # Obfuscate (disguise) traffic to look like something benign and unblockable (like standard web traffic), or # Decentralize content, so there is no single server to block.
Summary:
Please note that all contributions to Copper9 Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Wiki on Copper9:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
How to bypass ISP censorship
(section)
Add topic
