[ASK] How to block Ultrasurf ???
RouterOS general discussion

6 posts   •   Page 1 of 1
vzouh
just joined
 
Posts: 10
Joined: Tue Dec 01, 2009 4:59 pm

[ASK] How to block Ultrasurf ???

by vzouh » Wed Dec 23, 2009 5:05 am

Please, can anyone help me block access from Ultrasurf???
It uses https/443 and tons of IPs, so it's almost impossible to filter its IPs.
Maybe someone can figure this out, or maybe using layer7.
Thanks in advance :)

DannyZ
Member Candidate
 
Posts: 230
Joined: Mon Sep 07, 2009 2:21 pm
Location: Latvia

Re: [ASK] How to block Ultrasurf ???

by DannyZ » Wed Dec 23, 2009 2:26 pm

How about blocking port 9666?

Chupaka
Forum Guru
 
Posts: 7236
Joined: Mon Jun 19, 2006 11:15 pm
Location: Home Network Ltd., Minsk, Belarus

Re: [ASK] How to block Ultrasurf ???

by Chupaka » Wed Dec 23, 2009 3:41 pm

vzouh wrote: It uses https/443

:)
For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.

skype: pavel.skuratovich

omidkosari
Long time Member
 
Posts: 561
Joined: Fri Sep 01, 2006 4:18 pm
Location: Iran , Karaj

Re: [ASK] How to block Ultrasurf ???

by omidkosari » Fri Dec 25, 2009 3:23 pm

like IRAN government block all https and port 443 :twisted:

ananias1985
just joined
 
Posts: 1
Joined: Fri Mar 12, 2010 3:16 pm

Re: [ASK] How to block Ultrasurf ???

by ananias1985 » Fri Mar 12, 2010 3:20 pm

I have blocked 443 to all except to my proxy. It worked.

awarmanf
just joined
 
Posts: 14
Joined: Thu Apr 03, 2008 2:04 pm

Re: [ASK] How to block Ultrasurf ???

by awarmanf » Mon Apr 26, 2010 1:14 pm

It works perfectly on Linux using the iptables rule below:

Code:
iptables -I FORWARD -m tcp -p tcp --dport 443 -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j DROP


It will block TCP packets sent from the client to TCP port 443 that contain "Client Hello".

If Ultrasurf uses a port other than 443, we can use this rule:
Code:
iptables -I FORWARD -m tcp -p tcp --tcp-flags SYN,ACK,FIN,RST,PSH ACK,PSH -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j DROP


It will block TCP packets sent from the client with the tcp-flags ACK,PSH set that contain "Client Hello".

Unfortunately, I cannot use MikroTik to block Ultrasurf with layer7.
I am using this layer7 rule, but it will also match connections to port 443 for the Facebook login.

Code:
/ip firewall layer7-protocol
add name=ultrasurf regexp="^\16\03\01\00\41\01\00\00\3D\03\01"
/ip firewall mangle
add chain=prerouting action=add-dst-to-address-list protocol=tcp address-list=ultrasurf \
  address-list-timeout=0s  layer7-protocol=ultrasurf in-interface=lan dst-port=443


Sincerely,

Arief Yudhawarman
http://awarmanf.wordpress.com
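
Added example (not part of the thread and not awarmanf's code): a Python check that decodes the 11-byte `--hex-string` signature from the rules above into TLS record and handshake header fields, then tests it against constructed payloads to show how narrow the full signature is and how broad a 3-byte prefix of it would be. The function names, the zero-filled ClientHello samples and the `payload[:256]` approximation of `--to 256` are assumptions made for illustration.

```python
import struct

# Signature taken from the iptables rules in the post above.
SIG = bytes.fromhex("16030100410100003d0301")

def decode_signature(sig: bytes) -> dict:
    """Split the 11 bytes into TLS record and handshake header fields."""
    ctype, rec_ver, rec_len = struct.unpack("!BHH", sig[:5])
    (hello_ver,) = struct.unpack("!H", sig[9:11])
    return {
        "content_type": ctype,            # 0x16 = handshake record
        "record_version": rec_ver,        # 0x0301 = TLS 1.0
        "record_length": rec_len,         # bytes following the record header
        "handshake_type": sig[5],         # 0x01 = ClientHello
        "handshake_length": int.from_bytes(sig[6:9], "big"),
        "hello_version": hello_ver,       # version offered inside the hello
    }

def client_hello(body_len: int, version: int = 0x0301) -> bytes:
    """Constructed sample: valid headers, zero-filled ClientHello body."""
    body = struct.pack("!H", version) + bytes(body_len - 2)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake

def string_match(payload: bytes, pattern: bytes, to: int = 256) -> bool:
    """Approximation of '-m string --to N' applied to the TCP payload only."""
    return pattern in payload[:to]

def verdicts(pattern: bytes) -> dict:
    """Run a pattern over constructed payloads; True means it would be dropped."""
    samples = {
        "hello_61": client_hello(61),     # same lengths as the signature
        "hello_180": client_hello(180),   # a longer TLS 1.0 ClientHello
        "http_get": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    }
    return {name: string_match(data, pattern) for name, data in samples.items()}

if __name__ == "__main__":
    print(decode_signature(SIG))
    print("full signature:", verdicts(SIG))
    print("3-byte prefix :", verdicts(SIG[:3]))
```

The full signature only hits a TLS 1.0 ClientHello whose body is exactly 61 bytes, while a pattern reduced to `16 03 01` hits every TLS 1.0 handshake record, which is the kind of over-matching to test for before deploying either rule.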
