how to block hotspot shield ?

RouterOS General
1

Hi All I have a mikrotik os 5.26 how to block hotspot shield >

2

hotspot shield is some kind of VPN tunnel. you can block everything that is not TCP port 80 traffic, and force all port 80 traffic through a transparent proxy, but this will block all kinds of other things as well

3

There is no way to block VPN connection mikrotik router ???

4

only if you know the type :slight_smile: I think the hotspot shield supports many types and can work around common setups. maybe somebody has researched how it works?

5

If you know the type are the please help me ?

6

somebody has made such tutorial, maybe it helps:
http://wiki.mikrotik.com/wiki/How_to_Detect_and_Block_Hotspot_Shield_program_traffic(openvpn_application)

7

This is not working i tried many times
when i bought mikrotik router i was very happy to block all vpn connection but its nothing …

8

what firewall rule is allowing the traffic? Do you have proper rules ending with block all other input and forward traffic?

The only traffic that should be allowed to traverse to an unauthenticated hotspot user is https, http and DNS. You can do IP over DNS so you need checks in place to block this. All http/https traffic should be sent to the login page. Anything else should be dropped.

edit:
fixed link as above

9

also there was usually common practice on public hotspots to drop 41, 43, 44, 58, 59, 60 protocols for same purposes.
but generally there quite common approach to handle with most dodgy “services” was to maintain persistently-update blocklist of their services and C&C adress space in blocklists and blackhole traffic from/to it.
just like how society of engineers - maintain and distribute web advertisers blocklilists to blackhole right into network devices or fliter-out TOR network traffic or other illicit activity.

10

Hi, Hotspot Sheild is a VPN. You can unblock the Geo restricted websites with Hotspot Sheild. For more details check this Hotspot Sheild Review.

11

“direct” , crash-course approach with blocking relevant CIDR is also had some popularity.
https://aacable.wordpress.com/2014/12/31/blocking-hotspot-shield-in-mikrotik/
https://community.spiceworks.com/topic/277623-best-way-to-block-hotspot-shield-and-other-unwanted-proxy-vpn-style-software
but you have to move Quck along with adapting “service” providers, along with relevant communities, maintaining block-lists.

i think link is slightly broken, perhaps.
would be more correct/approrpriate this one http://wiki.mikrotik.com/wiki/How_to_Detect_and_Block_Hotspot_Shield_program_traffic(openvpn_application) ?