04-29-2011 11:32 PM - edited 03-11-2019 01:27 PM
Dear All,
How can I block Ultrasurf Application?
I have configured Cisco ASA 5520 with Cisco CSC-SSM module.
I have blocked everything Except Business and banking activities.
But user can access A 2 Z traffic through Ultrasurf.exe application. which bypasses all possible firewalls.
How can I blocked this application?
Any solution??????????????
Thanks
I.A
04-30-2011 09:26 AM
I'm not familiar with ultrasurf, but it appears to just be a proxy addon for your browser. Here are some ideas...
1) Remove admin access on the PCs so that executables cannot be run.
2) Sniff the ultrasurf traffic and block outbound traffic destined to their proxy-server IP addresses
3) Sniff the ultrasurf DNS traffic to determine the proxy DNS names. Then poison the responses on your DNS server. You will also need to block all DNS traffic except that which is destined to your server as well.
I hope this helps.
Thanks,
Brendan
04-30-2011 01:23 PM
Imran, From what I've seen, ultrasurf connects to the remote proxies over an SSL secured connection on tcp/443. If you manually block all connections outbound on TCP/443 it may block the application but at the expense of legit HTTPS sites. You could then manually configured your ACL to allow connection to only some specific HTTPs and deny all others, but that would be a headache to administer. Let me what else we could do...
Posted from my mobile device.
05-03-2011 12:19 AM
Dear all,
I have applied all these things but still that is working and bypass to firewall.
I.A
05-03-2011 06:52 AM
How exactly is it bypassing the firewall? Can you provide logs or packet captures showing what traffic is being sent and what rules you have in place that should be denying the traffic?
Thanks,
Brendan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide