Show HN: Aroma: Every TCP Proxy Is Detectable with RTT Fingerprinting https://ift.tt/IHaXDBv

Show HN: Aroma: Every TCP Proxy Is Detectable with RTT Fingerprinting TL;DR explanation (go to https://ift.tt/iIlpQJc... if you want the formatted version) This is done by measuring the minimum TCP RTT (client.socket.tcpi_min_rtt) seen and the smoothed TCP RTT (client.socket.tcpi_rtt). I am getting this data by using Fastly Custom VCL, they get this data from the Linux kernel (struct tcp_info -> tcpi_min_rtt and tcpi_rtt). I am using Fastly for the Demo since they have PoPs all around the world and they expose TCP socket data to me. The score is calculated by doing tcpi_min_rtt/tcpi_rtt. It's simple but it's what worked best for this with the data Fastly gives me. Based on my testing, 1-0.7 is normal, 0.7-0.3 is normal if the connection is somewhat unstable (WiFi, mobile data, satellite...), 0.3-0.1 is low and may be a proxy, anything lower than 0.1 is flagged as TCP proxy by the current code. https://ift.tt/HcNsPVl December 26, 2025 at 02:04AM