Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1904
Views
0
Helpful
4
Replies

How to block all bypasses application. ( Is it possible with Cisco)

Imran Irshad
Level 1
Level 1

‎04-29-2011 11:32 PM - edited ‎03-11-2019 01:27 PM

Dear All,

How can I block Ultrasurf Application?

                                                        

                                                        

I have configured Cisco ASA 5520 with Cisco CSC-SSM module.

I have blocked everything Except Business and banking activities.

But user can access A 2 Z traffic  through Ultrasurf.exe application. which bypasses all possible firewalls.

How can I blocked this application?

Any solution??????????????

Thanks

I.A

Labels:
0 Helpful
4 Replies 4

brquinn
Level 1
Level 1

‎04-30-2011 09:26 AM

I'm not familiar with ultrasurf, but it appears to just be a proxy addon for your browser. Here are some ideas...

1) Remove admin access on the PCs so that executables cannot be run.

2) Sniff the ultrasurf traffic and block outbound traffic destined to their proxy-server IP addresses

3) Sniff the ultrasurf DNS traffic to determine the proxy DNS names. Then poison the responses on your DNS server. You will also need to block all DNS traffic except that which is destined to your server as well.

I hope this helps.

Thanks,

Brendan

0 Helpful

Magnus Mortensen
Cisco Employee
Cisco Employee

‎04-30-2011 01:23 PM

Imran,      From what I've seen, ultrasurf connects to the remote proxies over an SSL secured connection on tcp/443. If you manually block all connections outbound on TCP/443 it may block the application but at the expense of legit HTTPS sites. You could then manually configured your ACL to allow connection to only some specific HTTPs and deny all others, but that would be a headache to administer.  Let me what else we could do...

Posted from my mobile device.

0 Helpful

Imran Irshad
Level 1
Level 1
In response to Magnus Mortensen

‎05-03-2011 12:19 AM

Dear all,

I have applied all these things but still that is working and bypass to firewall.

I.A

0 Helpful

brquinn
Level 1
Level 1
In response to Imran Irshad

‎05-03-2011 06:52 AM

How exactly is it bypassing the firewall? Can you provide logs or packet captures showing what traffic is being sent and what rules you have in place that should be denying the traffic?

Thanks,

Brendan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card