
How to block anonymous proxy and ultrasurf

Posted: Sun Jan 16, 2011 1:18 pm
by karo84
Hello
I'd like to block anonymous proxies that use the SSL protocol.
Is there any way to block those sites? My users can only use TCP ports 80 and 443.
Could you please tell me how to block, say, Ultrasurf by regexp?
I'm using ROS 4.13.

Re: How to block anonymous proxy and ultrasurf

Posted: Sun Jan 16, 2011 4:55 pm
by nest
The purpose of SSL is that the traffic is encrypted between the server and the end user. No amount of packet sniffing is going to assist you to determine that they are using a proxy. There was a solution that used a specific pattern at the Client Hello stage, but that pattern is not unique to Ultrasurf and I suspect you were only using Ultrasurf as a typical example of a proxy service.

Instead, one possible idea I have is to use the destination DNS name / IP address instead (as this is open and easy to determine from the encrypted traffic as it is outside of the encrypted part) and compare their destination proxy server against a regularly updated blacklist of proxy servers.

You would need to download a daily blacklist from someone like urlblacklist.com and apply that list to your address list on the MikroTik to block access to those destination IPs. As ROS cannot directly untar a .gz file, you will need another device to download and untar the list.

The only problem with using a blacklist and relying purely on destination IP only is when the proxy is hosted on a server shared with other services unrelated to that proxy server.

We use this service with DansGuardian to protect networks used by children and have found it very effective.
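
The off-router step described in the post above (unpack the downloaded list on another device and turn it into address-list entries), as an added example that is not part of the original post. The archive member path, the list name `proxy-blacklist` and the protected local ranges are assumptions; hostname entries are skipped because the entries written here are IP addresses.

```python
import io
import ipaddress
import tarfile

LIST_NAME = "proxy-blacklist"        # hypothetical address-list name
MEMBER = "blacklists/proxy/domains"  # assumed path of the list inside the archive
# Assumed local ranges that a third-party list must never be allowed to block.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def extract_ips(tar_gz_bytes, member=MEMBER):
    """Return sorted, de-duplicated IPv4 addresses listed in `member`."""
    with tarfile.open(fileobj=io.BytesIO(tar_gz_bytes), mode="r:gz") as tar:
        raw = tar.extractfile(member).read().decode("ascii", "replace")
    found = set()
    for line in raw.splitlines():
        entry = line.strip()
        try:
            ip = ipaddress.IPv4Address(entry)
        except ValueError:
            continue  # blank line or hostname entry: not an IP literal, skip it
        if not any(ip in net for net in PROTECTED):
            found.add(ip)
    return sorted(found)

def to_rsc(ips, list_name=LIST_NAME):
    """Render a RouterOS script that replaces the list's contents."""
    lines = ["/ip firewall address-list",
             f"remove [find list={list_name}]"]
    lines += [f"add list={list_name} address={ip}" for ip in ips]
    return "\n".join(lines) + "\n"

def sample_archive():
    """Constructed sample .tar.gz, built in memory so the example runs offline."""
    body = (b"203.0.113.10\nproxy.example.net\n198.51.100.7\n"
            b"192.168.1.1\n203.0.113.10\n\n")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(MEMBER)
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    print(to_rsc(extract_ips(sample_archive())), end="")
```

The generated script is uploaded to the router and run with `/import`; a firewall filter rule matching `dst-address-list=proxy-blacklist` with `action=drop` then does the blocking.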

Re: How to block anonymous proxy and ultrasurf

Posted: Sun Jan 16, 2011 5:01 pm
by karo84
Thank you very much, I'll try and tell you the result.