Please refer to for further updates instead of the V2Ray release page. For an attacker with privileged access to network path, Fake HTTP Header does not offer adequate protection against specialized detection or manual inspections by attackers with special tools and knowledge. However, it is only designed to circumvent ISP's QoS, rate limiting, throttling, and sabotage of unrecognized connection. Fake HTTP Header will from now on imitate standard HTTP server behavior better and is able to significantly hindrance active probing.If you have multiple VMess inbounds on the same host, the protection offered by procedurally generated connection drain and close patterns will be slightly encumbered. The attacker will not be able to aggregate results in order to identify server identity. For each server, these values will be different and remain constant for that server. The base drain size and drain size jitter will be generated based on UUID a VMess inbound have when the first connection arrives. It can neutralize all known "replay and observe close" attacks. From now on, the VMess protocol will drain any unrecognized or invalid connection based on procedurally generate connection drain and close patterns.This behavior is tweakable with the configure file. This allows the server to blend into normal TCP servers better and its benefit is significantly higher than potential downsides. This may increase server load if the server is under a DDoS attack. Server will by default wait 60 seconds for the handshakes to complete before closing the connection instead of 4 seconds.From now on, if the request path is not expected, the server will abort the connection. For users using Fake HTTP Header, it is necessary to keep clients and servers synchronized on fake HTTP header settings, and assign a path with sufficient entropy.However, for those dynamically add and remove UUID, it is recommended to connect to V2Ray's port immediately after starting it before adding more UUIDs with API and make sure there is at least one UUID in the configure file even if you plan to add more later. This is very unlikely to influence users that are using V2Ray as a standalone software. For VMess servers, it is not recommended to change UUID frequently as VMess will procedurally generate its connection drain and close pattern based on UUID it has when the first connection arrives.For VMess connections, clients cannot rely on servers to indicate issues in connectivity or password mismatch by closing connection.Issued a fix for Fake HTTP Header weakness described in #2537.Issued further fixs for VMess weakness described in #2523 #2539.These AVs are known to generate false-positive results: "Microsoft", "McAfee", "Cylance", "Symantec", "F-Secure", "SecureAge APEX", "Cybereason", "Cynet", "MaxSecure", "F-Secure", "Avira", "AVAST", "AVG", "Rising"(瑞星). If you have more information to report please leave them here. Microsoft's AV detects V2Ray as "Trojan:Win32/Wacatac.C!ml", "Program:Win32/Wacapew.C!ml" each time we release a new version, and I have to manually contact them each time to remove it from the malware database. We are aware some anti-virus software detects V2Ray as malware, which it isn't, but we can't afford to pay the fee needed to make them not detect V2Ray as malware. Thanks LocalAddr() in UDP workers will now return correct local addr. Minor fixes from v2fly/v2ray-core#12 v2fly/v2ray-core#10 included. Pay attention to this change if you are designing a "V2Ray Panel", "Airport" or "V2Ray Service Provider". Unless the server is under attack, a well-behaved client is not influenced. To slow down certain replay attacks, taint mechanic for VMess MD5 authentication data is introduced.MKCP can now be encrypted to resist recognition, address issue mentioned in #2530 #2253 #2131. See extra-VMessAEADdoc.zip for a more detailed explanation available in both Chinese and English. You can now enable VMessAEAD to be better protected. VMess's new header format experiment begins. Use Git and go mod command as your first choice while developing. The project gets rid of GOPATH mode entirely from now on.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |