I blocked related port number but kerio still fails to forbid ultrasurf. Is there anyone solved this problem ?
3 Answers
have a look at the last pages
They say that they blocked it.
(I hope that linking to other sites it's not a violation :p)
![](../../users/profiles/48246.webp)
- 1,994
- 11
- 13
Blocking of port 9666 will not help - this is localhost port only. You have to monitor connections to port 443. There is Brazilian Linux script for blacklisting ultrasurf servers using iptstate (can't find it at the moment) - but in my case it was enough just to block packets to destination network 65.49.0.0/18 with destination port 443.
Here is another way to block -
Article from Symantec is on using hash to prevent ultrasurf application from running.
Another article on blocking based on object footprint.
![](../../users/profiles/25423.webp)
- 458
- 3
- 11
Check out Palo Alto firewalls, they inspect the payload, not the header of packets to determine application and filter on that. I like how they pull in the need for separate devices into your edge.
![](../../users/profiles/50458.webp)
- 8,733
- 1
- 23
- 35