Community discussions

MikroTik App
 
User avatar
vzouh
just joined
Topic Author
Posts: 12
Joined: Tue Dec 01, 2009 3:59 pm
Contact:

[ASK] How to block Ultrasurf ???

Wed Dec 23, 2009 4:05 am

Please anyone help me how to block acces from ultrasurf ???
it's use https/443 and tons of IP's so it almost impossible to filter it's IP's
maybe someone can figure out this or maybe using layer7
thanks in advance :)
 
User avatar
DannyZ
Member Candidate
Member Candidate
Posts: 230
Joined: Mon Sep 07, 2009 2:21 pm
Location: Latvia

Re: [ASK] How to block Ultrasurf ???

Wed Dec 23, 2009 1:26 pm

How about blocking 9666 port?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: [ASK] How to block Ultrasurf ???

Wed Dec 23, 2009 2:41 pm

it's use https/443
:)
 
User avatar
omidkosari
Trainer
Trainer
Posts: 640
Joined: Fri Sep 01, 2006 4:18 pm
Location: Canada, Toronto

Re: [ASK] How to block Ultrasurf ???

Fri Dec 25, 2009 2:23 pm

like IRAN government block all https and port 443 :twisted:
 
ananias1985
just joined
Posts: 1
Joined: Fri Mar 12, 2010 2:16 pm

Re: [ASK] How to block Ultrasurf ???

Fri Mar 12, 2010 2:20 pm

i have bloked 443 to all exept to my proxy. It worked.
 
awarmanf
just joined
Posts: 15
Joined: Thu Apr 03, 2008 2:04 pm

Re: [ASK] How to block Ultrasurf ???

Mon Apr 26, 2010 1:14 pm

It works perfectly on linux by using this iptables rule below:
iptables -I FORWARD -m tcp -p tcp --dport 443 -m string --to 256 --hex-string   '|16030100410100003d0301|' --algo bm -j DROP
It will block tcp packet sent from client to tcp port 443 and contain "Client Hello".

If ultrasurf uses different port other than 443, we can use this rule:
iptables -I FORWARD -m tcp -p tcp --tcp-flags SYN,ACK,FIN,RST,PSH ACK,PSH -m string --to 256 --hex-string   '|16030100410100003d0301|' --algo bm -j DROP
It will block tcp packet sent from client with tcp-flags ACK,PSH set and contain "Client Hello".

Unfortunately I can not use mikrotik to block the ultrasurf with layer7.
I am using this layer7 but it will also match connection to port 443 login facebook.
/ip firewall layer7-protocol
add name=ultrasurf regexp="^\16\03\01\00\41\01\00\00\3D\03\01"
/ip firewall mangle
add chain=prerouting action=add-dst-to-address-list protocol=tcp address-list=ultrasurf \
  address-list-timeout=0s  layer7-protocol=ultrasurf in-interface=lan dst-port=443
Sincerely,

Arief Yudhawarman
http://awarmanf.wordpress.com

Who is online

Users browsing this forum: Ahrefs [Bot] and 104 guests