karo84
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

How to block anonymous proxy and ultrasurf

Sun Jan 16, 2011 1:18 pm

Hello
I'd like to block anonymous proxies that use the SSL protocol.
Is there any way to block those sites? My users can only use TCP ports 80 and 443.
Could you please tell me how to block, say, Ultrasurf by regexp?
I'm using ROS 4.13.
 
nest
Forum Veteran
Posts: 811
Joined: Tue Feb 27, 2007 1:52 am
Location: UK

Re: How to block anonymous proxy and ultrasurf

Sun Jan 16, 2011 4:55 pm

The purpose of SSL is that the traffic is encrypted between the server and the end user. No amount of packet sniffing is going to assist you to determine that they are using a proxy. There was a solution that used a specific pattern at the Client Hello stage, but that pattern is not unique to Ultrasurf and I suspect you were only using Ultrasurf as a typical example of a proxy service.

Instead, one possible idea I have is to use the destination DNS name / IP address instead (as this is open and easy to determine from the encrypted traffic as it is outside of the encrypted part) and compare their destination proxy server against a regularly updated blacklist of proxy servers.

You would need to download a daily blacklist from someone like urlblacklist.com and apply that list to your address list on the MikroTik to block access to those destination IPs. As ROS cannot directly untar a .gz file, you will need another device to download and untar the list.

The only problem with using a blacklist and relying purely on destination IP only is when the proxy is hosted on a server shared with other services unrelated to that proxy server.

We use this service with DansGuardian to protect networks used by children and have found it very effective.
Ron Touw - Mikrotik Certified Trainer
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/category/166
Largest Official UK MikroTik Distributor
IRC channel: #routerboard on irc.z.je (IPv4), 6.irc.z.je (IPv6)
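
The workflow described in the post above, as an added example that is not part of the original thread: a script for the helper device that turns an already-unpacked blacklist into a RouterOS import file for an address list. The list name `proxy-blacklist`, the one-entry-per-line input format and the sample entries are assumptions made for illustration.

```python
import ipaddress

LIST_NAME = "proxy-blacklist"  # hypothetical address-list name

# Ranges that must never end up in a drop list: a bad upstream entry
# overlapping these would cut off the LAN or the router itself.
PROTECTED = [ipaddress.IPv4Network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample input (documentation addresses, not real proxy data).
SAMPLE = """\
# constructed sample
203.0.113.10
proxy.example.net
198.51.100.0/24
203.0.113.10
192.168.88.1
0.0.0.0/0
"""

def parse_blacklist(text):
    """Return sorted, de-duplicated IPv4 networks from one-entry-per-line text."""
    nets = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            continue  # domain name or junk: only destination IPs are kept
        if any(net.overlaps(p) for p in PROTECTED):
            continue  # covers private ranges and over-broad prefixes like 0.0.0.0/0
        nets.add(net)
    return sorted(nets)

def render_rsc(nets, list_name=LIST_NAME):
    """Build a RouterOS script that replaces the address list with `nets`."""
    if not nets:
        # A failed download must not wipe the list already on the router.
        raise ValueError("empty blacklist, refusing to generate import file")
    lines = [f"/ip firewall address-list remove [find list={list_name}]"]
    for net in nets:
        addr = str(net.network_address) if net.prefixlen == 32 else str(net)
        lines.append(f"/ip firewall address-list add list={list_name} address={addr}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_rsc(parse_blacklist(SAMPLE)), end="")
```

The generated file is uploaded to the router and loaded with `/import`; a single rule added once, `/ip firewall filter add chain=forward dst-address-list=proxy-blacklist action=drop`, then blocks traffic to the listed destinations.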
 
karo84
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: How to block anonymous proxy and ultrasurf

Sun Jan 16, 2011 5:01 pm

Thank you very much, I'll try and tell you the result.
