cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1195
Views
0
Helpful
3
Replies

Blocking Ultrasurf in PIX

andre.ortega
Spotlight
Spotlight

Hi,

How can I block Ultrasurf applicantion in a PIX?

Regards.

3 Replies 3

tprendergast
Level 3
Level 3

There are a few ways.

1) Install the product, fire up a sniffer, launch the product, identify the subnets it talks to for their proxy servers. Block those by IP.

2) Block these IP Ranges (allocated to them by ARIN)

Ultrareach Internet Corp EVRY-229 (NET-67-15-183-0-1) 67.15.183.0 - 67.15.183.127

UltraReach Internet Corp. EVRY-231 (NET-67-15-151-64-1) 67.15.151.64 - 67.15.151.127

3) Put a null route to those networks in at your edge or inside network so the traffic goes nowhere.

You can get more ideas, but that is a good start. Basically, Ultrasurf uses an encrypted connection to a set of proxy servers in their IP space. If you cutoff access to their IP space, you are effectively neutering their product and making it useless.

Cheers,

Tim

Not work because the ip range every change. Here ultrasurf is using 65.49.2.121 now.

Regards.

Watch the packet capture... it must be doing a DNS query to resolve those IP addresses. Look into the DNS packet and block all IPs associated to that A-record, or put in an A-record for that DNS name on your DNS servers and send it to 127.0.0.1. This will blackhole the client.

The Pix, without deep packet inspection for URLs, won't be much help here.

You could enable the URL filtering with Websense and see if they block it, but that would be about as much as you could do.

Review Cisco Networking for a $25 gift card