Snort mailing list archives
Re: Ultrasurf Block Problem
From: Ryan Jordan <ryan.jordan () sourcefire com>
Date: Tue, 10 Feb 2009 11:29:40 -0500
Trying to block Ultrasurf is going to be a major pain in the butt. From what I can tell (after a few minutes' googling), it automates the process of finding new proxy servers. At the network level, your safest bet would be to restrict outgoing SSL traffic except for a whitelist of sites you trust. If you have admin rights for the machines in your organization, you might try preventing people from running the software in the first place. However, this falls outside the realm of "snort help" and I wouldn't be much use to you. -Ryan On Tue, Feb 10, 2009 at 8:34 AM, Joel Esler <eslerj () gmail com> wrote:
Snort in Inline mode is able to drop traffic, however you'd need to write a rule to detect the ultrasurf traffic. This can be done if you have a pcap of the traffic you'd like to defend against. On Tue, Feb 10, 2009 at 4:02 AM, Pardeep Sharma < pardeep.kumar () cybernetra net> wrote:Hi, Plz can u tell me how can block ultrasurf using snort-- Joel Esler http://www.joelesler.net ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today- http://p.sf.net/sfu/adobe-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Ultrasurf Block Problem Pardeep Sharma (Feb 10)
- Re: Ultrasurf Block Problem Joel Esler (Feb 10)
- Re: Ultrasurf Block Problem Ryan Jordan (Feb 10)
- Re: Ultrasurf Block Problem Joel Esler (Feb 10)