INTANG is a project for circumventing the "TCP reset attack" from the Great Firewall of China (GFW) by disrupting/desynchronizing the TCP Control Block (TCB) on the censorship devices. INTANG runs as a client-side only tool in background to protect the TCP connections from being interfered (or even monitored) by the GFW. It works on TCP/IP layers instead of application layer, thus considered more general and can help all application layer protocols, e.g. HTTP, DNS over TCP, OpenVPN, Tor, evading censorship. It can also be run on a proxy to make the deployment easier for those who are incapable of running INTANG (using OSes other than Linux or doesn't have root privillige).
Platform
Linux (must has netfilter supported in kernel)
Tested with Ubuntu 12.04/14.04/16.04.
Dependencies
- libnetfilter-queue-dev
- libnfnetlink-dev
- redis-server
- libhiredis-dev
- libev-dev
- python-redis (optional)
- python-scapy (optional)
Compilation
- Install prerequisite packages:
or
- Compile:
And the binary will be located under bin folder.
How to Run
- Use
run.sh
to start the daemon. Logs are by default written to /var/log/intangd.log. If you want to test a specific strategy, userun.sh
. Strategy IDs can be checked withrun.sh -h
. - Use
stop.sh
to stop the daemon. It simply send SIGINT signal to the daemon.
The daemon needs root privilege to run. If you are using Virtual Machine, you'll need to configure the networks in Bridge Mode.
from https://github.com/seclab-ucr/INTANG
No comments:
Post a Comment