Hi All,
I need to block Teamspeak, I’d like to do so with the layer7 protocol. Because port blocks can be bypassed.
I found this:
^\xf4\xbe\x03.*teamspeak
But it doesn’t work. I am still able to connect to the teamspeak test server.
any help would be awesome 
What is the benefit if it is blocked , without block program vpn like “psiphon vpn” buz user can install psiphon vpn to connect with outside server can open all block program.
It would be fine if the user would connect trough a VPN, this would prevent other people to see our IP.
You have idea or rule to block psiphon vpn? I need to block psiphon vpn.
When will you stop whining about that?
Psiphon VPN is designed in such a way that it cannot easily be blocked. Live with it.
Furthermore, if you would succeed in blocking it (e.g. by finding all IP addresses of their servers and blocking those),
there are 1000 other services like that, so your users will simply switch to another.
No I don’t, and I don’t care if people use a VPN.
My question though remains, How can I block Teamspeak with layer 7?
to elaborate on my question; It seems, one of my users is stalking other users with teamspeak using somekind of scriptkiddie tool. I want to prevent him from harming other internet users.
You can watch by tool “torch” and open the program you can see all ip’s addresses and ports that program use it.
And block all ip address by address list.
I watched by torch and i find more than 200 ip’s addresses added by address list and block by rule but program still active with new ip address.
There are an insane amount of teamspeak servers out there, it would be impossible to block them all. the same goes for blocking used ports, that’s why I thought about using layer7.
seems that “^\xf4\xbe\x03.*teamspeak” this pattern only matches the actual UDP voice traffic, not the TeamSpeak web interface or “TCP query”. (http://l7-filter.sourceforge.net/protocols)
I think I got it working, and so simple. if there is a better way, please share it or correct me.
I captured some traffic when connecting to different Teamspeak servers, it seems all first packets have the same phrase inside of them. So I used that as my regex. It seems to kill all connection attempt.
Isn’t it overkill? You killed his Teamspeaker - and everybody else too! Wouldn’t be better to just kick the user out? He is bound to find something else to keep pestering others…
Your are right. Under normal circumstances I would never take such drastic measures, but just block the user. In this case the police is involved now and I need to make sure, other user won’t make the same mistake.
Which correct method used to block it
Ah. Bad apples and all. I’m sorry to hear it. It is amazing how a few idiots always find a way to ruin it to everyone else. Hope the police gets him, and good riddance.
post number 10.