Search squid archive

Re: R: Blocking hotshield vpn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I'm not using linux. :)

Layer 7 filtering requires application-level proxy or DPI. We talking
about filtering, isn't it?

On Cisco this task requires a bit investigation (sniffing and
tcpiputils.com) and simple add some ACL's:

ip access-list extended TO_INET
 remark Network 100 is passed
 permit ip 192.168.100.0 0.0.0.255 any
 remark Hamachi
 deny   ip 25.0.0.0 0.255.255.255 any
 deny   ip 64.34.106.0 0.0.0.255 any
 deny   ip any host 69.25.21.195
 deny   ip any host 74.201.75.195
 deny   ip any host 146.255.195.92
 remark ZenMate servers
 deny   ip any 162.159.244.0 0.0.0.255
 deny   ip any 78.137.96.0 0.0.7.255
 deny   ip any 46.165.192.0 0.0.63.255
 deny   ip any 207.244.64.0 0.0.63.255
 deny   ip any 178.162.128.0 0.0.127.255
 deny   ip any 179.43.128.0 0.0.31.255
 deny   ip any 88.150.192.0 0.0.31.255
 deny   ip any 31.7.56.0 0.0.7.255
 deny   ip any 185.12.44.0 0.0.3.255
 deny   ip any 103.10.197.0 0.0.0.255
 deny   ip any 37.58.48.0 0.0.15.255
 deny   ip any 5.152.192.0 0.0.31.255
 deny   ip any 81.17.16.0 0.0.15.255
 deny   ip any 199.115.112.0 0.0.7.255
 deny   ip any 103.10.199.0 0.0.0.255
 remark Opera Turbo servers
 deny   ip any 37.228.104.0 0.0.7.255
 deny   ip any 141.0.8.0 0.0.7.255
 deny   ip any 82.145.208.0 0.0.15.255
 deny   ip any 195.189.142.0 0.0.1.255
 deny   ip any 185.26.180.0 0.0.3.255
 remark Ultrasurf port
 deny   tcp any any eq 9666
 remark Hola
 deny   ip any host 107.22.193.119
 deny   ip any host 54.225.121.9
 deny   ip any host 54.225.227.202
 deny   ip any host 54.243.128.120
 deny   tcp any any eq 6851
 deny   tcp any any eq 6861
 deny   ip any 107.155.75.0 0.0.0.255
 deny   ip any 103.18.42.0 0.0.0.255
 deny   ip any 103.27.232.0 0.0.0.255
 deny   ip any 103.4.16.0 0.0.0.255
 deny   ip any 103.6.87.0 0.0.0.255
 deny   ip any 104.131.128.0 0.0.15.255
 deny   ip any 106.185.0.0 0.0.127.255
 deny   ip any 106.186.64.0 0.0.63.255
 deny   ip any 106.187.0.0 0.0.63.255
 deny   ip any 107.155.85.0 0.0.0.255
 deny   ip any 107.161.144.0 0.0.7.255
 deny   ip any 107.170.0.0 0.0.127.255
 deny   ip any 107.181.166.0 0.0.0.255
 deny   ip any 107.190.128.0 0.0.15.255
 deny   ip any 107.191.100.0 0.0.3.255
 deny   ip any 108.61.208.0 0.0.1.255
 deny   ip any 109.74.192.0 0.0.15.255
 deny   ip any 128.199.128.0 0.0.63.255
 deny   ip any 14.136.236.0 0.0.0.255
 deny   ip any 149.154.157.0 0.0.0.255
 deny   ip any 149.62.168.0 0.0.3.255
 deny   ip any 151.236.18.0 0.0.0.255
 deny   ip any 158.255.208.0 0.0.0.255
 deny   ip any 162.213.197.0 0.0.0.255
 deny   ip any 162.217.132.0 0.0.3.255
 deny   ip any 162.218.92.0 0.0.1.255
 deny   ip any 162.221.180.0 0.0.1.255
 deny   ip any 162.243.0.0 0.0.127.255
 deny   ip any 167.88.112.0 0.0.3.255
 deny   ip any 168.235.64.0 0.0.3.255
 deny   ip any 173.255.192.0 0.0.15.255
 deny   ip any 176.58.96.0 0.0.31.255
 deny   ip any 176.9.0.0 0.0.255.255
 deny   ip any 177.67.81.0 0.0.0.255
 deny   ip any 178.209.32.0 0.0.31.255
 deny   ip any 178.79.128.0 0.0.63.255
 deny   ip any 192.110.160.0 0.0.0.255
 deny   ip any 192.121.112.0 0.0.0.255
 deny   ip any 192.184.80.0 0.0.7.255
 deny   ip any 192.211.49.0 0.0.0.255
 deny   ip any 192.241.160.0 0.0.31.255
 deny   ip any 192.30.32.0 0.0.3.255
 deny   ip any 192.34.56.0 0.0.7.255
 deny   ip any 192.40.56.0 0.0.0.255
 deny   ip any 192.73.232.0 0.0.7.255
 deny   ip any 192.81.208.0 0.0.7.255
 deny   ip any 192.99.0.0 0.0.255.255
 deny   ip any 198.147.20.0 0.0.0.255
 deny   ip any 198.211.96.0 0.0.15.255
 deny   ip any 198.58.96.0 0.0.31.255
 deny   ip any 199.241.28.0 0.0.3.255
 deny   ip any 208.68.36.0 0.0.3.255
 deny   ip any 209.222.30.0 0.0.0.255
 deny   ip any 213.229.64.0 0.0.63.255
 deny   ip any 217.170.192.0 0.0.15.255
 deny   ip any 217.78.0.0 0.0.15.255
 deny   ip any 23.227.160.0 0.0.0.255
 deny   ip any 23.249.168.0 0.0.1.255
 deny   ip any 23.29.124.0 0.0.0.255
 deny   ip any 31.193.128.0 0.0.15.255
 deny   ip any 31.220.24.0 0.0.3.255
 deny   ip any 37.139.0.0 0.0.31.255
 deny   ip any 37.235.52.0 0.0.0.255
 deny   ip any 41.215.240.0 0.0.0.255
 deny   ip any 41.223.52.0 0.0.0.255
 deny   ip any 46.17.56.0 0.0.7.255
 deny   ip any 46.19.136.0 0.0.7.255
 deny   ip any 46.246.0.0 0.0.127.255
 deny   ip any 46.38.48.0 0.0.7.255
 deny   ip any 46.4.0.0 0.0.255.255
 deny   ip any 5.9.0.0 0.0.255.255
 deny   ip any 50.116.32.0 0.0.15.255
 deny   ip any 66.85.128.0 0.0.63.255
 deny   ip any 74.82.192.0 0.0.31.255
 deny   ip any 77.237.248.0 0.0.1.255
 deny   ip any 81.4.108.0 0.0.3.255
 deny   ip any 85.234.128.0 0.0.31.255
 deny   ip any 88.150.156.0 0.0.3.255
 deny   ip any 91.186.0.0 0.0.31.255
 deny   ip any 92.222.0.0 0.0.255.255
 deny   ip any 92.48.64.0 0.0.63.255
 deny   ip any 94.76.192.0 0.0.63.255
 deny   ip any 95.215.44.0 0.0.3.255
 deny   ip any 96.126.96.0 0.0.7.255
 remark Browsec
 deny   ip any 178.62.64.0 0.0.63.255
 deny   ip any 188.226.128.0 0.0.127.255
 deny   ip any 128.199.192.0 0.0.63.255
 deny   ip any 104.131.0.0 0.0.63.255
 remark Stealthy
 deny   ip any 118.97.128.0 0.0.15.255
 deny   ip any 41.231.0.0 0.0.255.255
 deny   ip any 195.154.0.0 0.0.255.255
 remark AWS botnet
 deny   ip any 54.0.0.0 0.255.255.255
 remark Finally pass internal LAN to NAT
 permit ip 192.168.0.0 0.0.255.255 any

That's all. The same manner you can blocked almost any unwanted
traffic/apps.

Oh, yes. Sometimes landing networks for any VPN/proxy bypass tools can
change. So, you need to monitor network activity and add needful
networks to block list. Or exclude some /32 addressess from ban - for
good sites who are in the same address range as your banned app.

06.02.2015 14:09, Job пишет:
> Hello Yuri!
>
>>> Only before Squid - using Cisco or something like.
>>> Either Cisco acl's, or NBAR protocol discovery.
>
> is there a way to implement a sort of layer 7 for hotshield vpn (or
ultrasurf) working on Linux?
>
> Thank you again!
> Francesco

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBAgAGBQJU1HpAAAoJENNXIZxhPexGR5IH/3iQtvEdmfDU2RNP3odR5KQ8
j06zL50+0Q+U94Mf3Sk/V3OIeAnw8d3RmbJMVbNMwlwaYL9sqN5ByyInt3CCLQIB
663PVUt/GvuDJIgU2ObUcZVm0Q2tVIpd3hwRF8rc67ZktmdpfXj/RR9dFe/GCx9+
zcxXXAsYl7DHjVfZCeVL3qoqN0tnwtIbO57IDdQCbyuvk30oJ+7jf+Sg7nhLVGol
W7L7vwdlZkJuzkb8GedzxN9Hc9Td7IgOQmBlYHK+E/VwE+yrTSUp6+rHRaGy2nGq
wEwMvyPPFvbTFNsUeUCd3eslcDmcFSDzqnX0aB5LUf0gpmMuuw5XFD/aJKFsi40=
=hjUX
-----END PGP SIGNATURE-----


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux