[ASK] How to block Ultrasurf ???

vzouh · Wed Dec 23, 2009 4:05 am

Please anyone help me how to block acces from ultrasurf ???
it's use https/443 and tons of IP's so it almost impossible to filter it's IP's
maybe someone can figure out this or maybe using layer7
thanks in advance

DannyZ · Wed Dec 23, 2009 1:26 pm

How about blocking 9666 port?

Chupaka · Wed Dec 23, 2009 2:41 pm

it's use https/443

omidkosari · Fri Dec 25, 2009 2:23 pm

like IRAN government block all https and port 443

ananias1985 · Fri Mar 12, 2010 2:20 pm

i have bloked 443 to all exept to my proxy. It worked.

awarmanf · Mon Apr 26, 2010 1:14 pm

It works perfectly on linux by using this iptables rule below:

iptables -I FORWARD -m tcp -p tcp --dport 443 -m string --to 256 --hex-string   '|16030100410100003d0301|' --algo bm -j DROP

It will block tcp packet sent from client to tcp port 443 and contain "Client Hello".

If ultrasurf uses different port other than 443, we can use this rule:

iptables -I FORWARD -m tcp -p tcp --tcp-flags SYN,ACK,FIN,RST,PSH ACK,PSH -m string --to 256 --hex-string   '|16030100410100003d0301|' --algo bm -j DROP

It will block tcp packet sent from client with tcp-flags ACK,PSH set and contain "Client Hello".

Unfortunately I can not use mikrotik to block the ultrasurf with layer7.
I am using this layer7 but it will also match connection to port 443 login facebook.

/ip firewall layer7-protocol
add name=ultrasurf regexp="^\16\03\01\00\41\01\00\00\3D\03\01"
/ip firewall mangle
add chain=prerouting action=add-dst-to-address-list protocol=tcp address-list=ultrasurf \
  address-list-timeout=0s  layer7-protocol=ultrasurf in-interface=lan dst-port=443

Sincerely,

Arief Yudhawarman
http://awarmanf.wordpress.com

[ASK] How to block Ultrasurf ???

[ASK] How to block Ultrasurf ???

Re: [ASK] How to block Ultrasurf ???

Re: [ASK] How to block Ultrasurf ???

Re: [ASK] How to block Ultrasurf ???

Re: [ASK] How to block Ultrasurf ???

Re: [ASK] How to block Ultrasurf ???

Who is online