TECHNIQUES

random-payload-detect   Random / high-entropy payload detection

Censors flag flows whose first N bytes have entropy higher than typical legitimate protocols. The original GFW shadowsocks detection used this.

3 PAPERS ON FILE

• 2023-wu-fully-encrypted-detect How the Great Firewall of China detects and blocks fully encrypted traffic USENIX Security · 2023
• 2022-blocking-tls-circumvention Large scale blocking of TLS-based censorship circumvention tools in China gfw.report · 2022
• 2020-alice-shadowsocks-detection How China Detects and Blocks Shadowsocks IMC · 2020