Show HN: Aroma: Every TCP Proxy Is Detectable with RTT Fingerprinting
4 months ago
- #Network Timing
- #TCP Proxy Detection
- #Proof of Concept
- Aroma does not use IP intelligence but can be complemented by it.
- Current detection scores are set low to avoid false positives (0.3-0.1 is low but not flagged as proxy).
- Aroma is not production-ready; it's a proof of concept.
- Aroma detects TCP Proxies but not VPNs unless they use TCP Proxying.
- Aroma can detect Cloudflare WARP as it acts like a UDP => TCP proxy.
- Detection is based on TCP RTT measurements (minimum and smoothed RTT).
- Score calculation: tcpi_min_rtt / tcpi_rtt.
- Normal scores: 1-0.7; 0.7-0.3 for unstable connections; <0.1 flagged as proxy.
- Demo available at https://aroma.global.ssl.fastly.net/.
- Distance estimation based on RTT and light speed limitations.
- Proxies increase RTT measurements for protocols above their layer.
- Algorithm for score: (proxy RTT) / (non-proxy RTT).