by bawolff 2006 days ago
It's still possible that instead they are just hijacking the IP space. You could probably distinguish by running traceroute. Or doing something like curl https://186.2.163.219 --header "host: sci-hub.se" -k (which should not send an SNI that can be sniffed but still send the correct host header inside the encrypted HTTP stream, so the connection would work minus a cert failure, but DPI by the ISP wouldn't be able to detect. If that curl fails they are probably doing IP address hijacking. If the domain-fronting request works then they are probably sniffing SNI)
1 comments

Good idea! I tried the domain-fronting curl request and it works, so they seem to be indeed sniffing the SNI...