[squid-users] R: Blocking hotshield vpn
Yuri Voinov
yvoinov at gmail.com
Fri Feb 6 08:24:32 UTC 2015
I'm not using linux. :)
Layer 7 filtering requires an application-level proxy or DPI. We are
talking about filtering, aren't we?
On Cisco this task requires a bit of investigation (sniffing and
tcpiputils.com) and simply adding some ACLs:
ip access-list extended TO_INET
remark Network 100 is passed
permit ip 192.168.100.0 0.0.0.255 any
remark Hamachi
deny ip 25.0.0.0 0.255.255.255 any
deny ip 64.34.106.0 0.0.0.255 any
deny ip any host 69.25.21.195
deny ip any host 74.201.75.195
deny ip any host 146.255.195.92
remark ZenMate servers
deny ip any 162.159.244.0 0.0.0.255
deny ip any 78.137.96.0 0.0.7.255
deny ip any 46.165.192.0 0.0.63.255
deny ip any 207.244.64.0 0.0.63.255
deny ip any 178.162.128.0 0.0.127.255
deny ip any 179.43.128.0 0.0.31.255
deny ip any 88.150.192.0 0.0.31.255
deny ip any 31.7.56.0 0.0.7.255
deny ip any 185.12.44.0 0.0.3.255
deny ip any 103.10.197.0 0.0.0.255
deny ip any 37.58.48.0 0.0.15.255
deny ip any 5.152.192.0 0.0.31.255
deny ip any 81.17.16.0 0.0.15.255
deny ip any 199.115.112.0 0.0.7.255
deny ip any 103.10.199.0 0.0.0.255
remark Opera Turbo servers
deny ip any 37.228.104.0 0.0.7.255
deny ip any 141.0.8.0 0.0.7.255
deny ip any 82.145.208.0 0.0.15.255
deny ip any 195.189.142.0 0.0.1.255
deny ip any 185.26.180.0 0.0.3.255
remark Ultrasurf port
deny tcp any any eq 9666
remark Hola
deny ip any host 107.22.193.119
deny ip any host 54.225.121.9
deny ip any host 54.225.227.202
deny ip any host 54.243.128.120
deny tcp any any eq 6851
deny tcp any any eq 6861
deny ip any 107.155.75.0 0.0.0.255
deny ip any 103.18.42.0 0.0.0.255
deny ip any 103.27.232.0 0.0.0.255
deny ip any 103.4.16.0 0.0.0.255
deny ip any 103.6.87.0 0.0.0.255
deny ip any 104.131.128.0 0.0.15.255
deny ip any 106.185.0.0 0.0.127.255
deny ip any 106.186.64.0 0.0.63.255
deny ip any 106.187.0.0 0.0.63.255
deny ip any 107.155.85.0 0.0.0.255
deny ip any 107.161.144.0 0.0.7.255
deny ip any 107.170.0.0 0.0.127.255
deny ip any 107.181.166.0 0.0.0.255
deny ip any 107.190.128.0 0.0.15.255
deny ip any 107.191.100.0 0.0.3.255
deny ip any 108.61.208.0 0.0.1.255
deny ip any 109.74.192.0 0.0.15.255
deny ip any 128.199.128.0 0.0.63.255
deny ip any 14.136.236.0 0.0.0.255
deny ip any 149.154.157.0 0.0.0.255
deny ip any 149.62.168.0 0.0.3.255
deny ip any 151.236.18.0 0.0.0.255
deny ip any 158.255.208.0 0.0.0.255
deny ip any 162.213.197.0 0.0.0.255
deny ip any 162.217.132.0 0.0.3.255
deny ip any 162.218.92.0 0.0.1.255
deny ip any 162.221.180.0 0.0.1.255
deny ip any 162.243.0.0 0.0.127.255
deny ip any 167.88.112.0 0.0.3.255
deny ip any 168.235.64.0 0.0.3.255
deny ip any 173.255.192.0 0.0.15.255
deny ip any 176.58.96.0 0.0.31.255
deny ip any 176.9.0.0 0.0.255.255
deny ip any 177.67.81.0 0.0.0.255
deny ip any 178.209.32.0 0.0.31.255
deny ip any 178.79.128.0 0.0.63.255
deny ip any 192.110.160.0 0.0.0.255
deny ip any 192.121.112.0 0.0.0.255
deny ip any 192.184.80.0 0.0.7.255
deny ip any 192.211.49.0 0.0.0.255
deny ip any 192.241.160.0 0.0.31.255
deny ip any 192.30.32.0 0.0.3.255
deny ip any 192.34.56.0 0.0.7.255
deny ip any 192.40.56.0 0.0.0.255
deny ip any 192.73.232.0 0.0.7.255
deny ip any 192.81.208.0 0.0.7.255
deny ip any 192.99.0.0 0.0.255.255
deny ip any 198.147.20.0 0.0.0.255
deny ip any 198.211.96.0 0.0.15.255
deny ip any 198.58.96.0 0.0.31.255
deny ip any 199.241.28.0 0.0.3.255
deny ip any 208.68.36.0 0.0.3.255
deny ip any 209.222.30.0 0.0.0.255
deny ip any 213.229.64.0 0.0.63.255
deny ip any 217.170.192.0 0.0.15.255
deny ip any 217.78.0.0 0.0.15.255
deny ip any 23.227.160.0 0.0.0.255
deny ip any 23.249.168.0 0.0.1.255
deny ip any 23.29.124.0 0.0.0.255
deny ip any 31.193.128.0 0.0.15.255
deny ip any 31.220.24.0 0.0.3.255
deny ip any 37.139.0.0 0.0.31.255
deny ip any 37.235.52.0 0.0.0.255
deny ip any 41.215.240.0 0.0.0.255
deny ip any 41.223.52.0 0.0.0.255
deny ip any 46.17.56.0 0.0.7.255
deny ip any 46.19.136.0 0.0.7.255
deny ip any 46.246.0.0 0.0.127.255
deny ip any 46.38.48.0 0.0.7.255
deny ip any 46.4.0.0 0.0.255.255
deny ip any 5.9.0.0 0.0.255.255
deny ip any 50.116.32.0 0.0.15.255
deny ip any 66.85.128.0 0.0.63.255
deny ip any 74.82.192.0 0.0.31.255
deny ip any 77.237.248.0 0.0.1.255
deny ip any 81.4.108.0 0.0.3.255
deny ip any 85.234.128.0 0.0.31.255
deny ip any 88.150.156.0 0.0.3.255
deny ip any 91.186.0.0 0.0.31.255
deny ip any 92.222.0.0 0.0.255.255
deny ip any 92.48.64.0 0.0.63.255
deny ip any 94.76.192.0 0.0.63.255
deny ip any 95.215.44.0 0.0.3.255
deny ip any 96.126.96.0 0.0.7.255
remark Browsec
deny ip any 178.62.64.0 0.0.63.255
deny ip any 188.226.128.0 0.0.127.255
deny ip any 128.199.192.0 0.0.63.255
deny ip any 104.131.0.0 0.0.63.255
remark Stealthy
deny ip any 118.97.128.0 0.0.15.255
deny ip any 41.231.0.0 0.0.255.255
deny ip any 195.154.0.0 0.0.255.255
remark AWS botnet
deny ip any 54.0.0.0 0.255.255.255
remark Finally pass internal LAN to NAT
permit ip 192.168.0.0 0.0.255.255 any
That's all. In the same manner you can block almost any unwanted
traffic/apps.
Oh, yes. Sometimes the landing networks for any VPN/proxy bypass tools can
change. So you need to monitor network activity and add the needed
networks to the block list. Or exclude some /32 addresses from the ban, for
good sites that are in the same address range as your banned app.
06.02.2015 14:09, Job wrote:
> Hello Yuri!
>
>>> Only before Squid - using Cisco or something like.
>>> Either Cisco acl's, or NBAR protocol discovery.
>
> is there a way to implement a sort of layer 7 for hotshield vpn (or
> ultrasurf) working on Linux?
>
> Thank you again!
> Francesco
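Added example (not part of the original message): a small first-match evaluator for IOS-style extended ACL entries, for checking whether a destination is caught by the block list and whether a /32 exception sits early enough to take effect. The ACL text is an excerpt of the list above plus one constructed exception entry; the host 46.4.10.20 and all function names are assumptions for illustration.

```python
import ipaddress

# Excerpt of the ACL above plus one CONSTRUCTED /32 exception (46.4.10.20 is made up).
ACL = """
ip access-list extended TO_INET
 permit ip 192.168.100.0 0.0.0.255 any
 remark constructed exception, must precede the covering deny
 permit ip any host 46.4.10.20
 remark Ultrasurf port
 deny tcp any any eq 9666
 deny ip any 46.4.0.0 0.0.255.255
 deny ip any 54.0.0.0 0.255.255.255
 remark Finally pass internal LAN to NAT
 permit ip 192.168.0.0 0.0.255.255 any
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tok):
    """Consume one address spec, return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        t = line.split()
        if not t or t[0] not in ("permit", "deny"):
            continue  # header and remark lines carry no match logic
        src, rest = parse_addr(t[2:])
        dst, rest = parse_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((t[0], t[1], src, dst, port, line.strip()))
    return rules

def hit(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (_ip(ip) | wild) == (base | wild)

def evaluate(rules, src, dst, proto="tcp", dport=None):
    """Return (action, matching line); the first matching entry wins."""
    for action, rproto, rsrc, rdst, rport, line in rules:
        if rproto in ("ip", proto) and rport in (None, dport) and hit(rsrc, src) and hit(rdst, dst):
            return action, line
    return "deny", "implicit deny"
```

Because the first matching entry wins, the leading permit for 192.168.100.0/24 exempts that network from every deny that follows, and an exception placed after its covering deny would never be reached.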