-1

I blocked related port number but kerio still fails to forbid ultrasurf. Is there anyone solved this problem ?

3 Answers3

1

have a look at the last pages

http://www.astaro.org/astaro-gateway-products/web-security-http-https-ftp-im-p2p-web-filtering-antivirus/20319-ultra-surf-8-8-how-block-4.html

They say that they blocked it.

(I hope that linking to other sites it's not a violation :p)

Nikolaidis Fotis
  • 1,994
  • 11
  • 13
0

Blocking of port 9666 will not help - this is localhost port only. You have to monitor connections to port 443. There is Brazilian Linux script for blacklisting ultrasurf servers using iptstate (can't find it at the moment) - but in my case it was enough just to block packets to destination network 65.49.0.0/18 with destination port 443.

Here is another way to block -

Article from Symantec is on using hash to prevent ultrasurf application from running.

Another article on blocking based on object footprint.

alexm
  • 458
  • 3
  • 11
0

Check out Palo Alto firewalls, they inspect the payload, not the header of packets to determine application and filter on that. I like how they pull in the need for separate devices into your edge.

SpacemanSpiff
  • 8,733
  • 1
  • 23
  • 35