https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673173#M556827 <HTML><HEAD></HEAD><BODY><P>Dear all,</P><P></P><P>I have applied all these things but still that is working and bypass to firewall.</P><P></P><P></P><P>I.A</P></BODY></HTML> Tue, 03 May 2011 07:19:23 GMT Imran Irshad 2011-05-03T07:19:23Z https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673170#M556822 <P align="right" class="MsoNormal" style="text-align: left;"><SPAN>Dear All,</SPAN></P><P></P><P align="right" class="MsoNormal" style="text-align: left;"><SPAN>How can I block Ultrasurf Application?</SPAN></P><P></P><P class="MsoNormal"><SPAN><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P><P></P><P class="MsoNormal"><SPAN><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN></P><P></P><P align="right" class="MsoNormal" style="text-align: left;"><SPAN>I have configured Cisco ASA 5520 with Cisco CSC-SSM module.</SPAN></P><P align="right" class="MsoNormal"></P><P></P><P align="right" class="MsoNormal" style="text-align: left;"><SPAN>I have blocked everything Except Business and banking activities.</SPAN></P><P align="right" class="MsoNormal"></P><P></P><P align="right" class="MsoNormal" style="text-align: left;"><SPAN>But user can access A 2 Z traffic&nbsp; through Ultrasurf.exe application. which bypasses all possible firewalls.</SPAN></P><P align="right" class="MsoNormal"></P><P></P><P align="right" class="MsoNormal" style="text-align: left;"><SPAN>How can I blocked this application?</SPAN></P><P align="right" class="MsoNormal"></P><P align="right" class="MsoNormal"></P><P align="right" class="MsoNormal"></P><P></P><P align="right" class="MsoNormal" style="text-align: left;"><SPAN>Any solution??????????????</SPAN></P><P align="right" class="MsoNormal"></P><P align="right" class="MsoNormal"></P><P align="right" class="MsoNormal" style="text-align: left;">Thanks</P><P align="right" class="MsoNormal"></P><P align="right" class="MsoNormal" style="text-align: left;">I.A</P><P></P><P align="right" class="MsoNormal" style="text-align: left;"><SPAN> </SPAN></P> Mon, 11 Mar 2019 20:27:25 GMT https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673170#M556822 Imran Irshad 2019-03-11T20:27:25Z https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673171#M556823 <HTML><HEAD></HEAD><BODY><P>I'm not familiar with ultrasurf, but it appears to just be a proxy addon for your browser. Here are some ideas...</P><P></P><P>1) Remove admin access on the PCs so that executables cannot be run.</P><P>2) Sniff the ultrasurf traffic and block outbound traffic destined to their proxy-server IP addresses</P><P>3) Sniff the ultrasurf DNS traffic to determine the proxy DNS names. Then poison the responses on your DNS server. You will also need to block all DNS traffic except that which is destined to your server as well. </P><P></P><P>I hope this helps.</P><P></P><P>Thanks,</P><P>Brendan</P></BODY></HTML> Sat, 30 Apr 2011 16:26:56 GMT https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673171#M556823 brquinn 2011-04-30T16:26:56Z https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673172#M556825 <HTML><HEAD></HEAD><BODY><P>Imran,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; From what I've seen, ultrasurf connects to the remote proxies over an SSL secured connection on tcp/443. If you manually block all connections outbound on TCP/443 it may block the application but at the expense of legit HTTPS sites. You could then manually configured your ACL to allow connection to only some specific HTTPs and deny all others, but that would be a headache to administer.&nbsp; Let me what else we could do...</P><P>Posted from my mobile device.</P></BODY></HTML> Sat, 30 Apr 2011 20:23:30 GMT https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673172#M556825 Magnus Mortensen 2011-04-30T20:23:30Z https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673173#M556827 <HTML><HEAD></HEAD><BODY><P>Dear all,</P><P></P><P>I have applied all these things but still that is working and bypass to firewall.</P><P></P><P></P><P>I.A</P></BODY></HTML> Tue, 03 May 2011 07:19:23 GMT https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673173#M556827 Imran Irshad 2011-05-03T07:19:23Z https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673174#M556831 <HTML><HEAD></HEAD><BODY><P>How exactly is it bypassing the firewall? Can you provide logs or packet captures showing what traffic is being sent and what rules you have in place that should be denying the traffic?</P><P></P><P>Thanks,</P><P>Brendan</P></BODY></HTML> Tue, 03 May 2011 13:52:09 GMT https://community.cisco.com/t5/network-security/how-to-block-all-bypasses-application-is-it-possible-with-cisco/m-p/1673174#M556831 brquinn 2011-05-03T13:52:09Z