2025-09-14 21:52:36 +00:00
# [M22 Project] Fast VPN Feature Extraction

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OSS-291 | 2024-06-18T14:13:22.000+0800 | Liu Hongyu | Done |

---
1. Fast VPN feature extraction
2. The BJ environment can be used for feature extraction
3. [https://docs.geedge.net/pages/viewpage.action?pageId=129101057]
4. [~xubotao] and [~liuhongyu] will carry out the feature extraction for this software together

**liuhongyu** commented on *2024-06-19T18:42:19.568+0800*:

Xu Botao: Captured packets to analyze this VPN's features; extracted 158 server IPs.

Liu Hongyu: Extracted 113 server IPs and 3 FQDNs.

This VPN has four protocols: openVPN-tcp, openVPN-udp, wireguard and IKEv2. Commonly used ports are 443/8080/8443/1194. Work completed: 30%

---
**liuhongyu** commented on *2024-06-20T18:11:39.003+0800*:

Xu Botao: Extracted 64 server IPs and verified the FD status on Windows.

Liu Hongyu: Captured packets to analyze features, extracted 38 server IPs, and verified the FD status on Android.

Currently all nodes on Android and Windows can be fully FD; iOS has not been tested. Work completed: 70%

---
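**liuhongyu** commented on *2024-06-21T18:15:50.680+0800*:

Extracted 5 FQDNs and 13 server IPs, and wrote an airtest automation script. Packet capture analysis shows that when the app is opened, this VPN issues DNS requests to obtain its nodes. The wireguard protocol uses port 56820, which can serve as a feature.

Currently iOS/Android/Windows can all be blocked normally, and observation of the session logs shows no false blocking. The next step is verification in the M environment. Work completed: 90%
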
---
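**liuhongyu** commented on *2024-06-24T18:19:36.055+0800*:

Testing on June 22 found that traffic was getting through on Windows. Testing showed that Windows obtains node IPs differently from Android. After packet capture analysis, it was found that this VPN obtains node domain names and then sends DNS requests to get the node IPs. After multiple attempts, the server IPs were extracted and added to the features.

A total of 1731 server IPs have been extracted. Currently iOS/Android/Windows can all be blocked normally, and no false blocking was found in the session logs. Verification in the M environment is still required. The M environment cannot be used this week, so verification has to wait until the environment is restored.
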
---
2025-09-14 22:26:17 +00:00