seclab-ucr / intang
License: GNU General Public License v3.0
These days, the sensor starts a FIN|ACK attack before the RST|ACK (type 2) attack is sent.
It seems the FIN|ACK attack is only applied to TLS Client Hello censorship right now.
I don't have apt-get command on Mac
```
[root@node2 ~]# curl www.baidu.com
<title>百度一下,你就知道</title>
[root@node2 ~]# curl www.google.com
^C
[root@node2 ~]# curl www.google.com
curl: (7) Failed to connect to 2404:6800:4012::2004: Network is unreachable
[root@node2 ~]#
```
Tested with CentOS 7: the code runs, but I cannot visit Google. It is of no use. Can anyone tell me why?
Hello author, thank you for contributing the code. I ran INTANG and got some errors. When I run the run.sh
shell script, the output file shows the error. Error log:
1510359788.951534 [INFO] Current version: 7
1510359788.952014 [INFO] Starting redis server.
1510359788.960688 [ERROR] failed to set mark on raw socket.
1510359788.960711 [ERROR] Failed to initialize socket module.
I don't know how to resolve it, so can you help me?
My system version is Ubuntu 14.04, and it runs in Docker. The host machine is macOS 12.12.
I created a hotspot. I try to make it work on the hotspot but I can't open the blocked website.
Recently, the wall deployed similar on-path TCP disruption tech on IPv6 connections. More specifically, 6in4/6to4 SSL/TLS connections to google/youtube/facebook now get reset, but unlike the IPv4 routing blackhole, these IPv6 addresses are ping-able. Will INTANG be able to be extended to cover this case?
vmware ubuntu 16.04
1510392219.921919 [INFO] Current version: 7
1510392219.922106 [INFO] Starting redis server.
1510392219.960855 [INFO] Connecting to TCP DNS server.
1510392219.960970 [INFO] Building sync connection with redis server.
1510392219.961095 [INFO] Sync connection built successfully.
1510392219.961884 [INFO] Loading historical results from redis.
1510392219.963212 [INFO] Loading TTL from redis.
1510392219.964476 [INFO] Async connection built successfully.
1510392230.565110 [INFO] Triggered Type 1 Reset! 2157095104_41641_3075931830_20480_-1. LAST REQ:
1510392232.740092 [INFO] Triggered Type 1 Reset! 2157095104_7347_494054524_20480_-1. LAST REQ:
1510392237.176445 [INFO] [EVAL] STRATEGY SUCCEEDED. 2157095104_24279_182340471_20480_10
1510392237.469018 [INFO] [EVAL] STRATEGY SUCCEEDED. 2157095104_10464_2085298024_20480_19
1510392241.003975 [ERROR] Cannot connect to TCP DNS server. Retrying...
1510392249.568279 [INFO] [EVAL] STRATEGY SUCCEEDED. 2157095104_1675_257932635_20480_22
1510392256.732276 [INFO] [EVAL] STRATEGY SUCCEEDED. 2157095104_32452_462109463_20480_17
1510392262.996895 [ERROR] Cannot connect to TCP DNS server. Retrying...
1510392285.000701 [ERROR] Cannot connect to TCP DNS server. Retrying...
1510392306.038095 [INFO] [EVAL] STRATEGY SUCCEEDED. 2157095104_13963_257932635_20480_11
1510392306.983197 [ERROR] Cannot connect to TCP DNS server. Retrying...
1510392316.773483 [INFO] Saving TTL to redis
1510392317.792354 [ERROR] error during nfq_destroy_queue()
1510392317.792478 [INFO] Killing redis server (pid 10987).
1510392317.792501 [INFO] Daemon exited.
Thanks for your work.
And things would be better if this tool could also work on Mac >_< I wish that day comes soon.
Not connected to Google, YouTube...
1517994994.979684 [INFO] Current version: 7
1517994994.979846 [INFO] Starting redis server.
1517994995.018622 [INFO] Building sync connection with redis server.
1517994995.018783 [INFO] Connecting to TCP DNS server.
1517994995.018939 [INFO] Sync connection built successfully.
1517994995.019649 [INFO] Loading historical results from redis.
1517994995.025078 [INFO] Loading TTL from redis.
1517994995.028322 [INFO] Async connection built successfully.
1517994995.498045 [INFO] Connected to TCP DNS server.
1517995014.522770 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_14574_437256727_20480_17
1517995033.168868 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_15569_4146581707_20480_3
1517995033.533690 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_61084_3743928523_20480_22
1517995033.534395 [INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE. 1677764800_54482_3307720907_20480_17
1517995033.534951 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_55506_3307720907_20480_3
1517995037.267510 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_5828_502076021_20480_5
1517995040.736610 [INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE. 1677764800_6340_502076021_20480_5
1517995045.122997 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_17092_502076021_20480_5
1517995045.123843 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_17604_502076021_20480_5
1517995045.340634 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_18116_502076021_20480_5
1517995063.552395 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_675_1360003607_20480_17
1517995074.983732 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_40644_502076021_20480_6
1517995075.271454 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_41156_502076021_20480_6
1517995137.143988 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_50360_4012363979_20480_10
1517995137.519944 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_61597_3743928523_20480_11
1517995137.754601 [INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE. 1677764800_53971_3307720907_20480_17
1517995138.210314 [INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE. 1677764800_13530_1747701963_20480_17
1517995138.210995 [INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE. 1677764800_15066_1747701963_20480_24
1517995138.553348 [INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE. 1677764800_15578_1747701963_20480_11
1517995138.554457 [INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE. 1677764800_16090_1747701963_20480_10
1517995138.906888 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_16602_1747701963_20480_10
1517995144.162613 [INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE. 1677764800_58044_2056903988_20480_5
1517995315.041727 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_34501_502076021_20480_6
1517995315.042894 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_33989_502076021_20480_6
1517995437.346301 [INFO] [EVAL] STRATEGY SUCCEEDED. 1677764800_39621_502076021_20480_6
platform:
arch linux (4.12.8-2-ARCH)
the output of run.sh:
693:C 03 Nov 12:09:11.340 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
693:C 03 Nov 12:09:11.341 # Redis version=4.0.2, bits=32, commit=00000000, modified=0, pid=693, just started
693:C 03 Nov 12:09:11.341 # Configuration loaded
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
log:
1509682151.259493 [INFO] Current version: 7
1509682151.259821 [INFO] Starting redis server.
1509682151.401993 [INFO] Saving TTL to redis
1509682151.610254 [INFO] Killing redis server (pid 694).
1509682151.610434 [INFO] Daemon exited.
Hi,
I tried INTANG on Ubuntu 16.04 and it worked perfectly; all TCP-resetting sites worked fine. But I don't usually use Linux: my main OS is FreeBSD and I want this to work natively with FreeBSD's pf/ipfw (I made it work using a VirtualBox bridged network adapter under FreeBSD with Ubuntu as a guest, and there are no problems).
How hard would it be to port this to FreeBSD? Can you provide any guidance on that?
Thank you.
Amazed by the project, I signed in just to ask if this could be run on Windows or do I have to set up a virtual platform? Thank you!
I'm no software engineer, but I'm not stupid either. If anyone would be kind enough to explain to me I'm pretty sure I'd be able to understand and appreciate the help.
The following error may occur when too many packets are received at once.
"rv = -1. errno: 105. No buffer space available"
```c
while ((rv = recv(g_nfq_fd, buf, sizeof(buf), 0)) && rv >= 0) {
    //log_debugv("pkt received");
    nfq_handle_packet(g_nfq_h, buf, rv);
}
log_debug("rv = %d. errno: %d. %s", rv, errno, strerror(errno));
```
It looks like it might be worth trying to increase the buffer size of the netlink socket.
From https://www.netfilter.org/documentation/FAQ/netfilter-faq-4.html:
> these are standard Netlink sockets, and you can tune their receive buffer sizes via /proc/sys/net/core, sysctl, or use the SO_RCVBUF socket option on the file descriptor.
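
The buffer-size suggestion and the receive loop from this issue, as an added example that is not part of the original thread or of the INTANG source. `grow_rcvbuf`, `pump_queue`, `scripted_recv` and `run_script` are hypothetical names, and the ENOBUFS sequence is constructed so the difference between stopping on any error and treating ENOBUFS as a recoverable overrun can be seen without a live NFQUEUE.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Function and type names are hypothetical; the only real APIs used are
 * setsockopt()/getsockopt() with SO_RCVBUF and a recv()-shaped callback. */
typedef ssize_t (*recv_fn)(int fd, void *buf, size_t len, int flags);

/* handled: messages processed; overruns: ENOBUFS reports; last_errno: why it stopped */
struct pump_stats { unsigned long handled, overruns; int last_errno; };

/* Request a larger receive buffer and return the size the kernel reports.
 * Linux caps the request at net.core.rmem_max and reports double the stored value. */
int grow_rcvbuf(int fd, int wanted)
{
    int granted = 0;
    socklen_t len = sizeof(granted);
    if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &wanted, sizeof(wanted)) < 0 ||
        getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &granted, &len) < 0)
        return -1;
    return granted;
}

/* tolerant == 0 behaves like the loop quoted in the issue: any rv < 0 ends it.
 * tolerant == 1 counts ENOBUFS as a lost-packet event and keeps reading. */
int pump_queue(int fd, recv_fn rx, int tolerant, struct pump_stats *st)
{
    char buf[4096];
    memset(st, 0, sizeof(*st));
    for (;;) {
        ssize_t rv = rx(fd, buf, sizeof(buf), 0);
        if (rv > 0) { st->handled++; continue; } /* real code: nfq_handle_packet() */
        if (rv == 0) return 0;
        if (tolerant && (errno == ENOBUFS || errno == EINTR)) {
            st->overruns += (errno == ENOBUFS);  /* dropped packets are gone */
            continue;
        }
        st->last_errno = errno;
        return -1;
    }
}

/* Constructed input: packet, ENOBUFS, packet, then a fatal EBADF. */
static int g_step;
ssize_t scripted_recv(int fd, void *buf, size_t len, int flags)
{
    static const int script[] = { 0, ENOBUFS, 0, EBADF };
    int err = script[g_step < 3 ? g_step++ : 3];
    (void)fd; (void)len; (void)flags;
    if (err) { errno = err; return -1; }
    memset(buf, 0xAA, 64);  /* pretend a 64-byte netlink message arrived */
    return 64;
}

struct pump_stats run_script(int tolerant)
{
    struct pump_stats st;
    g_step = 0;
    pump_queue(-1, scripted_recv, tolerant, &st);
    return st;
}

int main(void)
{
    struct pump_stats a = run_script(0), b = run_script(1);
    printf("original handled=%lu, tolerant handled=%lu overruns=%lu\n", a.handled, b.handled, b.overruns);
    return 0;
}
```

In a real daemon `rx` would be `recv` on the queue's file descriptor, and the value returned by `grow_rcvbuf` should be logged, because a request above `net.core.rmem_max` is silently reduced.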
When I opened the link of the paper in readme.md, DOI told me that "This DOI cannot be found in the DOI System." What happened?
Dear developers,
I am in mainland China. Thank you very much for providing such a tool.
However, I am afraid that I need your help.
I tried to install INTANG on Ubuntu 16.04 x64. I followed the instructions in the README, and compiling and running seem simple enough.
When I run the script, the following information is printed:
felix@ubuntu:~/INTANG-master$ ./run.sh
Daemon has started.
The logs can be found in /var/log/intangd.log
felix@ubuntu:~/INTANG-master$ iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
felix@ubuntu:~/INTANG-master$
And the log file is as follows:
felix@ubuntu:~/INTANG-master$ cat /var/log/intangd.log
1509716127.002127 [INFO] Current version: 7
1509716127.002374 [INFO] Starting redis server.
1509716127.212800 [INFO] Saving TTL to redis
1509716127.228370 [INFO] Killing redis server (pid 42007).
1509716127.228454 [INFO] Daemon exited.
I have no idea what caused the daemon to stop.
Can you please give me some hint on what to do?
Thanks for your time.
I have heard of a similar project called 西厢计划,
which tries to identify fake packets from the GFW and stops working when the "fingerprint" of the GFW changes. In the end, nobody maintains that project anymore. Similarly, if the GFW fixes the flaws you used, this tool will stop working unless you find new flaws, as you mentioned in the paper. Is there any plan for that, or is this just a research project?
Cannot open any blocked website, like google, twitter, dropbox, facebook etc.
1509702764.838159 [INFO] Current version: 7
1509702764.838264 [INFO] Starting redis server.
1509702764.885679 [INFO] Building sync connection with redis server.
1509702764.885919 [INFO] Sync connection built successfully.
1509702764.886024 [INFO] Loading historical results from redis.
1509702764.890654 [INFO] Loading TTL from redis.
1509702764.895369 [INFO] Async connection built successfully.
1509702764.896830 [INFO] Connecting to TCP DNS server.
1509702764.954859 [INFO] Connected to TCP DNS server.
1509702788.365938 [INFO] [EVAL] STRATEGY SUCCEEDED. 117440522_18625_2151024480_20480_11
1509702802.768291 [INFO] [EVAL] STRATEGY SUCCEEDED. 117440522_23773_457910551_20480_8
1509702803.030838 [INFO] [EVAL] STRATEGY SUCCEEDED. 117440522_21681_502076021_20480_2
Since October 2017, it seems that the GFW has deployed a new policy in which it analyzes the certificate name in the ACK from the server.
If it contains something like google.com, it sends a RST to the server and drops all packets from the client to that IP address.
Someone said that we need to wait for TLS 1.3, which encrypts the certificate name, to go online.
So, does this tool still work?
I ran "run.sh" and got this:
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Then, the program exited.
@gkso @xulang726 @CvvT @seclab-ucr
Sometimes the program works stably, sometimes it does not work. It ran stably after the first installation. Over time, it stopped working stably.
Intangd.log:
1548674973.864738 [INFO] Current version: 7
1548674973.865288 [INFO] Starting redis server.
1548674975.086556 [INFO] Building sync connection with redis server.
1548674975.087812 [INFO] Sync connection built successfully.
1548674975.087795 [INFO] Connecting to TCP DNS server.
1548674975.088669 [INFO] Loading historical results from redis.
1548674975.164749 [INFO] Connected to TCP DNS server.
1548674975.238943 [INFO] Loading TTL from redis.
1548674975.383371 [INFO] Async connection built successfully.
1548674991.181617 [ERROR] Send keep alive packet failed. errno: 32
1548674991.181898 [INFO] Connecting to TCP DNS server.
1548674991.971873 [INFO] Connected to TCP DNS server.
1548675061.402607 [INFO] Saving TTL to redis
1548675061.782472 [ERROR] error during nfq_destroy_queue()
1548675061.782690 [INFO] Killing redis server (pid 10594).
1548675061.782802 [INFO] Daemon exited.
In the past days I learned that this tool seems to work only on wordpress.com and dropbox.com
(which is still not working on my machine).
But both of these 2 sites are forced to use HTTPS by now,
which means you can access those 2 sites as long as you get DNS fixed.
So here is the question: what is the right way to verify the effect of this tool?
Is this tool supposed to be used with an HTTP proxy?
Is this tool designed to be an extension that helps unencrypted proxy tools bypass an IDS like the GFW?
I'd like to get some answers before spending more time on this.
I gave INTANG a second try. This time, installation is fine, running is fine, but it just doesn't work:
sensitive websites, which I'm sure are not banned by IP address, still get reset, and I did as FAQ.md says:
> connecting the website again later after a certain period (i.e. 90 seconds). INTANG will automatically choose the best strategy for each server based on historical results

Still no luck.
When the `send_insertion_packet()` function handles a full-sized packet with the `INS_DISC_MD5` flag on, sending the insertion packet will cause a "Message too long" error, since the packet length is greater than the MTU size.
```c
if (flags & INS_DISC_MD5) {
    u_char bytes[20] = {0x13,0x12,0xf9,0x89,0x5c,0xdd,0xa6,0x15,0x12,0x83,0x3e,0x93,0x11,0x22,0x33,0x44,0x55,0x66,0x01,0x01};
    memcpy(vars->tcp_opt + vars->tcp_opt_len, bytes, 20);
    vars->tcp_opt_len += 20;
}
```
`payload_len` may need to be fixed after the injection.
I am just a tyro in the TCP/IP field, just curious about this project. Best wishes~
Hello,
I have successfully built the mips32 binary for Lede 17.01.4, but when I fire it up, it just hangs there with a redis error in the log.
What might be the reason for this?
How can I create a service?
With INTANG, some websites can be accessed, but not steadily; the next time you access that website again, it might be reset.
The GFW can now filter the TLS SNI field, which means INTANG is an important tool against it.
I hope INTANG can improve to be a steady and useful tool.
Can't ping any IP address after running INTANG.
Logs below:
root@MT-FFW:~/INTANG# cat /var/log/intangd.log
1509784754.117323 [INFO] Current version: 7
1509784754.117417 [INFO] Starting redis server.
1509784754.132627 [INFO] Connecting to TCP DNS server.
1509784754.132683 [INFO] Building sync connection with redis server.
1509784754.132789 [INFO] Sync connection built successfully.
1509784754.133486 [INFO] Loading historical results from redis.
1509784754.133559 [INFO] Loading TTL from redis.
1509784754.133606 [INFO] Async connection built successfully.
1509784754.210977 [INFO] Connected to TCP DNS server.
1509786394.025924 [ERROR] Send keep alive packet failed. errno: 32
1509786394.026021 [INFO] Connecting to TCP DNS server.
1509786409.197055 [INFO] Connected to TCP DNS server.
1509786474.241366 [ERROR] Send keep alive packet failed. errno: 32
1509786474.241454 [INFO] Connecting to TCP DNS server.
1509786474.394250 [INFO] Connected to TCP DNS server.
OS: UBUNTU 16.04 X64.
USER: ROOT
Already ran "iptables -F".
Thanks.
intangd is running, but I cannot open any GFWed site by domain or by IP.
$ cat /var/log/intangd.log
1515489601.565875 [INFO] Previous version 0, current version 7
1515489601.565908 [INFO] Deleting redis DB due to version update.
1515489601.565924 [WARNING] Failed to delete redis db. errno: 2
1515489601.565955 [INFO] Starting redis server.
1515489602.844626 [INFO] Building sync connection with redis server.
1515489602.844777 [INFO] Sync connection built successfully.
1515489602.844862 [INFO] Loading historical results from redis.
1515489602.845000 [INFO] Loading TTL from redis.
1515489602.845083 [INFO] Async connection built successfully.
1515489602.846181 [INFO] Connecting to TCP DNS server.
1515489730.073424 [ERROR] Cannot connect to TCP DNS server. Retrying...
1515489849.561933 [INFO] Triggered Type 1 Reset! 1694607552_62096_1545149544_20480_11. LAST REQ: GET 6.djdq.org/ HTTP/1.1
1515489854.480034 [INFO] [EVAL] STRATEGY FAILED 2. HTTP TRIGGERED TYPE 1 RESET. 1694607552_62096_1545149544_20480_11
1515489854.480488 [INFO] [EVAL] HTTP REQUEST SENT DURING 90 SEC. 1694607552_63120_1545149544_20480_10
1515489855.180813 [INFO] [EVAL] HTTP REQUEST SENT DURING 90 SEC. 1694607552_63632_1545149544_20480_17
1515489858.329400 [ERROR] Cannot connect to TCP DNS server. Retrying...
1515489941.067904 [INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE. 1694607552_63632_1545149544_20480_17
1515489986.585397 [ERROR] Cannot connect to TCP DNS server. Retrying...
1515490114.841462 [ERROR] Cannot connect to TCP DNS server. Retrying...
1515490243.097414 [ERROR] Cannot connect to TCP DNS server. Retrying...
1515490243.097456 [ERROR] Reached maximum retry count.
1515490371.353615 [ERROR] Cannot connect to TCP DNS server. Retrying...
1515490371.353809 [ERROR] Reached maximum retry count.
1515490391.221063 [INFO] [EVAL] STRATEGY SUCCEEDED. 1694607552_32449_1764479179_20480_1
1515490392.250799 [INFO] [EVAL] STRATEGY SUCCEEDED. 1694607552_52433_505925835_20480_11
1515490392.702298 [INFO] [EVAL] STRATEGY SUCCEEDED. 1694607552_15531_4029337803_20480_10
When I run INTANG, I can't ping Google.
cat /var/log/intangd.log
1511877429.351735 [INFO] Current version: 7
1511877429.351822 [INFO] Starting redis server.
1511877429.374581 [INFO] Building sync connection with redis server.
1511877429.374718 [INFO] Sync connection built successfully.
1511877429.374744 [INFO] Connecting to TCP DNS server.
1511877429.374839 [INFO] Loading historical results from redis.
1511877429.375098 [INFO] Loading TTL from redis.
1511877429.375215 [INFO] Async connection built successfully.
1511877429.832840 [INFO] Connected to TCP DNS server.
1511877445.847894 [ERROR] Send keep alive packet failed. errno: 32
1511877445.847988 [INFO] Connecting to TCP DNS server.
1511877445.941228 [INFO] Connected to TCP DNS server.
1511877527.885332 [INFO] [EVAL] STRATEGY SUCCEEDED. 3289426112_3254_3018320055_20480_11
1511877588.039548 [INFO] [EVAL] STRATEGY SUCCEEDED. 3289426112_41401_542641785_20480_10
1511877617.924538 [INFO] [EVAL] STRATEGY SUCCEEDED. 3289426112_17822_542641785_20480_6
1511877650.620333 [INFO] [EVAL] STRATEGY SUCCEEDED. 3289426112_65208_1215242864_20480_12
1511877653.327750 [INFO] [EVAL] STRATEGY SUCCEEDED. 3289426112_2233_1215242864_20480_17
1511877720.714658 [INFO] [EVAL] STRATEGY SUCCEEDED. 3289426112_2745_1215242864_20480_24
1511877721.466569 [INFO] [EVAL] STRATEGY SUCCEEDED. 3289426112_3257_1215242864_20480_17
/tmp/INTANG-master/src/dns.c send_keep_alive_packet() error. How can I solve this problem?
[INFO] Current version: 7
[INFO] Starting redis server.
[INFO] Building sync connection with redis server.
[INFO] Sync connection built successfully.
[INFO] Loading historical results from redis.
[INFO] Loading TTL from redis.
[INFO] Async connection built successfully.
[INFO] Connecting to TCP DNS server.
[INFO] Connected to TCP DNS server.
[INFO] [EVAL] STRATEGY FAILED 1. HTTP NO RESPONSE.2818746560_33478_717765336_20480_14
What usually causes No Response?
The system is Linux Mint 18, based on Ubuntu 16.04.4 (kernel 4.4.0).
README.md contains a link to https://doi.org/10.1145/3131365.3131374 which reports:
DOI Not Found
10.1145/3131365.3131374
This DOI cannot be found in the DOI System. Possible reasons are:
- The DOI is incorrect in your source. Search for the item by name, title, or other metadata using a search engine.
- The DOI was copied incorrectly. Check to see that the string includes all the characters before and after the slash and no sentence punctuation marks.
- The DOI has not been activated yet. Please try again later, and report the problem if the error continues.
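This project is really awesome. Although I can't contribute code, I will do my best to recommend and promote it. I hope more excellent developers will join the project, and I hope everyone can have a copy of it soon.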
useless proj.
gcc -g -c -I. -Istrategies main.c -o main.o -pthread
gcc -g -c -I. -Istrategies helper.c -o helper.o -pthread
gcc -g -c -I. -Istrategies logging.c -o logging.o -pthread
gcc -g -c -I. -Istrategies socket.c -o socket.o -pthread
gcc -g -c -I. -Istrategies strategy.c -o strategy.o -pthread
strategy.c: In function 'dump_strat_weights':
strategy.c:501:5: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 0; i < g_strat_num; i++) {
^
strategy.c:501:5: note: use option -std=c99 or -std=gnu99 to compile your code
make[1]: *** [strategy.o] Error 1
make[1]: Leaving directory `/root/INTANG/src'
make: *** [all] Error 2