Sign in to follow this  
Followers 0
torrvakhri

Blocking Ultra Surf 8.9

17 posts in this topic

Hey Guys,

This application (UltraSurf 8.9) is giving Trouble to all the Colleges, Companies and Universities throughout thw world.

I need to stop it in my college, can anyone Help me with it.

Regards,

CyberCop

Edited by torrvakhri
-1

Share this post


Link to post
Share on other sites

Could you use a larger font please? I don't think I can quite read that from across the room without my glasses.

It's a proxy program. Block the proxy ports. Block the proxies that come up. Do a little reverse engineering, grab the proxy list that this program uses and block them all at once. Automate it, set a cron job and run it every day or every hour. If you had a competent IT staff, this wouldn't be a problem. Not that that will do anything anyway, they'll just find a way around it.

This raises an interesting question though. As a university, should you be blocking sites at all? I realize that some things like Bittorrent and other file sharing programs really eat up the bandwidth and blocking them may be a necessity, but this program doesn't aid access to such services. What other reason would you need a proxy program such as this? Perhaps you're blocking something you shouldn't and the students know that. The university is built on the free exchange of ideas, wouldn't limiting access to these ideas merely be counterproductive?

So I guess my question to you is this: What is this "trouble" you speak of?

-1

Share this post


Link to post
Share on other sites

To my opinion Don't block ultrasurf.............. :) (only communists (china) do that)

It also filters bad things (porn and unwanted stuff, so people cannot browse those stuffs through ultrasurf) also it doesn't supports bittorrent............

It's created with the intent to give freedom of opinion to people..........

Lets come to your query

[Content suppressed as per my friends compulsion ]

Torrvakri are you from punjab? If so then, punjab is not in china its in india...so my suggestion is that give people freedom don't hurt their freedom...........

Edited by SAGA
0

Share this post


Link to post
Share on other sites
Could you use a larger font please? I don't think I can quite read that from across the room without my glasses.

It's a proxy program. Block the proxy ports. Block the proxies that come up. Do a little reverse engineering, grab the proxy list that this program uses and block them all at once. Automate it, set a cron job and run it every day or every hour. If you had a competent IT staff, this wouldn't be a problem. Not that that will do anything anyway, they'll just find a way around it.

This raises an interesting question though. As a university, should you be blocking sites at all? I realize that some things like Bittorrent and other file sharing programs really eat up the bandwidth and blocking them may be a necessity, but this program doesn't aid access to such services. What other reason would you need a proxy program such as this? Perhaps you're blocking something you shouldn't and the students know that. The university is built on the free exchange of ideas, wouldn't limiting access to these ideas merely be counterproductive?

So I guess my question to you is this: What is this "trouble" you speak of?

Doesn't this look like spam to you. Good reply but if hes a "computer it" then he should know this. And again its spam and his first post <_<

0

Share this post


Link to post
Share on other sites
Doesn't this look like spam to you. Good reply but if hes a "computer it" then he should know this. And again its spam and his first post <_<

Not really. It doesn't link to anything, or speak favorably of anything at all. It's also hand-typed, you can see that he edited the post at least once. It's no SPAM like I've ever seen. We'll see if he comes back to discuss things more.

0

Share this post


Link to post
Share on other sites

Hey guys,

Thanks for ur time for replies.

Ultra Surf is giving Complete freedom to our students and they are deviating from their studies.

Instead of opening wikipedia in classes, they open orkut.com

Plus it violates our college policy for website filtering and I am under orders from my Senior Admin to block this.

I agree freedom should be given, but in India, not all students worry about their careers and prefer fun instead of studies if they can.

So please help me.

Thanks in advance.

Edited by torrvakhri
0

Share this post


Link to post
Share on other sites

Try blocking the servers which ultrasurf initially communicates..........

Block port 9666 in all local machines through windows firewall are some thing...............may be you can enforce this as a policy from the windows server!

I agree freedom should be given, but in India, not all students worry about their careers and prefer fun instead of studies if they can.

Why should you care about their careers lol......They are not kids i guess (more than 18 years old )...........

If you are going to block all these stuffs then they will call you as a hitler (lol just kidding)

Edited by SAGA
0

Share this post


Link to post
Share on other sites

I understand your superiors told you to block it, but really it won't do anything. They'll find more proxies to get around your filters. They don't all have to be geniuses, just one smart one shows the rest how to do it.

If they're not ready to buckle down and study hard, you can't force them. No matter how many web sites you block, they'll still do whatever it is they want to do (either study or goof off). If they waste their time and don't study enough, there's a simple solution: don't give them a degree. It's up to them to decide if they deserve a degree.

But anyway, download the proxy program and see where it downloads its list of proxies from. Get that list, block those IP addresses and you're done. Repeat this every so often as new proxies are added and deleted all the time. If you're lucky, it's a small list of proxies. If you're unlucky, it's a list of thousands of dynamic proxies that will be impossible to block. If all the proxies operate on a single TCP port, try blocking that port. If they don't, unless there are just a few ports they operate on, blocking the ports will be a losing battle as well.

0

Share this post


Link to post
Share on other sites
If they waste their time and don't study enough, there's a simple solution: don't give them a degree. It's up to them to decide if they deserve a degree.

I like this point.................But sadly :( most people are trying to force others..thinking that they are saving thousands of peoples from deviating.............

0

Share this post


Link to post
Share on other sites

Hey Ohm,

I tried to find where this program tries to store its proxy list.

I tried with Sysinternals Filemon, KaKeeware etc.

Turns out this prog is encrypting file names and data.

I am stuck here.

Edited by torrvakhri
0

Share this post


Link to post
Share on other sites

It's probably simpler than that. Run the client and monitor the network with wireshark. If you're lucky, the list is just downloaded via HTTP with no authentication or encryption. Then you can just download it yourself.

0

Share this post


Link to post
Share on other sites

Hey guys,

I just thought of a new idea.

Maybe I can force my Internet Gateway or Proxy server to accept only URLs and Domain Names.

If anybody(including UltraSurf) generates a request with an IP in the browser's Address bar, it is denied.

Do u think it is possible to do.

I dont know which NAT gateway/Proxy server has this feature, so please give me some names here.

0

Share this post


Link to post
Share on other sites
Maybe I can force my Internet Gateway or Proxy server to accept only URLs and Domain Names.

If anybody(including UltraSurf) generates a request with an IP in the browser's Address bar, it is denied.

Do u think it is possible to do.

I highly doubt that, because browsers work by sending a request to the DNS Server then they talk directly with the IP address in stead of using the domain or URL.

If you want to spend time home-brewing an application, then I guess it would be possible by monitoring all the DNS requests and blocking traffic to IP Addresses which

were not sent back from a DNS server. In any case, this is still easy to bypass.

0

Share this post


Link to post
Share on other sites

Ultrasurf is extremely difficult to block. Blocking ports will not work, unless you block all outbound access (and thats not gonna happen). Ultrasurf uses an SSL socket with whats called dns fluxing. It is able to dynamically map to thousands of proxies, dynamic being the operative word here. You can't just block port 9666 or 443 (which is used locally by the client anyways) and you can't filter the dns listing used for proxies because by the time you do thousands more new ones are there. It is one of the best proxy apps out there. There are commercial vendors who can block it though, but they are $$$. Basically they act as an SSL interceptor and perform dpi (deep packet inspection). Some cheaper filters perform SSL sig analysis and will fire on incorrect certs as well.

One measure of control is containing the desktop. If you use something like NAC you can mitigate things somewhat along with some form of SSL interception. Blocking ISP dynamically assigned IP ranges helps to since that is there many of the proxys are spawned from (botnets). Also since there is a policy it needs to be enforced. If you make an example of people others may be less inclined to break the rules.

This thing is a bitch but it works very well and leaves no footprint. Good luck.

brill

Edited by brill
0

Share this post


Link to post
Share on other sites

hmm.this app seems to be hard to block..............

i have an idea...

In your college notice board leave a notice "Students who are using ultrasurf will be suspended from the college and will be fined a $$$"

This thing will help a lot :D

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0