i am using Mikrotik RB450G. I can’t block hotspot shield. Plz help.
or
layer 7 protocols hotspot shield?
That link is no more [u]http://wiki.mikrotik.com/wiki/How_to_De_…_pplication[/u]
search in wiki page…
Dear I search in wiki but its too old for hotspot shield. The program dev. day by day. can any help layer7 block.
please try this link. i hope you have got something.
http://wiki.mikrotik.com/wiki/How_to_Detect_and_Block_Hotspot_Shield_program_traffic(openvpn_application)
best regards
iamjahid Hello,
try to block Hotspot Shield Ports Number,
usually it works on 5345,5938,5245,3398,3451,5265,1755,5050,5396,10000-10010,9000,3211,15000-15010,1935,5231,800,989
you can block this list through ur firewall.
Thank You.
komailov Hello,
i already block this port but it wont work. …5345,5938,5245,3398,3451,5265,1755,5050,5396,10000-10010,9000,3211,15000-15010,1935,5231,800,989.
Dotnet hello,
http://wiki.mikrotik.com/wiki/How_to_De … ication%29
the Article publish 2011 but now 2013.
Thank You.
Have you ever do a search? 
Use this, it works for me, well THE ONLY one that works:
http://forum.mikrotik.com/t/hotspot-shield-solution-for-all-the-mikrotik-users/64529/1
ok. Actually you have to need more customization in firewall rules.
Here is the solution.
Detect and Block Hotspot Shield program traffic (vpn application)
/ip firewall mangle
add action=add-dst-to-address-list address-list=WhiteList
address-list-timeout=4d4h chain=prerouting comment=WhiteList content=
!127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers
address-list-timeout=1h chain=prerouting comment=HotSpotShieldUsers
content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList
address-list-timeout=4d4h chain=prerouting comment=WhiteList content=
!127.0.0.1:895 disabled=no dst-port=443 protocol=tcp
/ip firewall filter
add action=drop chain=forward comment=“"Block HotSpot Shield"” disabled=no
src-address-list=HotSpotShieldUsers
Detect and Block UltraSurf program traffic
/ip firewall filter
add action=drop chain=forward comment=“Block UltraSurf” disabled=no dst-port=
443 protocol=tcp src-address-list=UltraSurfUsers
/ip firewall mangle
add action=add-src-to-address-list address-list=UltraSurfUsers
address-list-timeout=5m chain=prerouting comment=UltraSurfUsers disabled=
no dst-address-list=UltraSurfServers dst-port=443 protocol=tcp
/ip firewall address-list
add address=65.49.0.0/17 comment=“” disabled=no list=UltraSurfServers
add address=204.107.140.0/24 comment=“” disabled=no list=UltraSurfServers
Block DNS
/ip firewall filter
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.194.50 dst-port=53 protocol=tcp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.194.50 dst-port=53 protocol=udp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.192.50 dst-port=53 protocol=tcp
add action=accept chain=forward comment=DNS disabled=no dst-address=198.153.192.50 dst-port=53 protocol=udp
add action=drop chain=forward comment=DNS disabled=no dst-port=53 protocol=tcp
add action=drop chain=forward comment=DNS disabled=no dst-port=53 protocol=udp
It has work with 5.20. please try this way, may be it will be done.
best regards