*SOLVED* Block Betternet servers
-
Hello All,
I have set up block rules on the firewall for (what I think) is the betternet.co subnet and am still unable to block this website as well as the actual installed App.
Does anyone have any advice on how or what to do next?
I tried setting up a block,,much the same as https for facebook,and simply will not be effective.
Just an FYI. This app acts as a VPN from client to the betternet servers,,then out to internet.
With the client laptop connected to betternet servers via theinstalled app I can surf Facebook where with the app this is blocked,,as expected.
Thanks,
Barry -
You run a test where you run the Betternet software on one of your LAN clients, and do a packet capture for that LAN client's traffic to see how the software is talking. Use that data to further craft your firewall rules. It all boils down to either IP addresses or ports. Global VPN services usually have points of presence in several countries, so you need to literally compile a list of every one of Betternet's nodes, and add them all to an alias, then create a firewall rule to block all traffic to that alias.
You could also try using a domain override to resolve *.betternet.co to localhost.
-
Hello All,
Just trying to keep this post alive.
Have tried wiresharking the client PC, as suggested. Seems it is a never ending cycle of going to a different public IP subnet on betternet server end.
I have done the cumulative ip subnet to an alias for Facebook block (for https) and want to do the same for betternet.
Have looked high and low for possibly a cumulative listing of betternet server subnets but simply can't seem to find anything.Thanks,
Barry -
betternet.com has address 64.29.145.9
AS | IP | AS Name
30447 | 64.29.145.9 | INFB2-AS - InternetNamesForBusiness.com,USAS30447
64.29.144.0/20
66.175.0.0/18
66.226.64.0/21
66.226.80.0/20
69.49.112.0/23
69.49.112.0/24
69.49.113.0/24
69.49.115.0/24
69.49.116.0/22
69.49.116.0/24
69.49.117.0/24
69.49.118.0/24
69.49.124.0/22
149.115.0.0/16
149.115.16.0/20
149.115.32.0/20
149.115.48.0/20
206.225.88.0/22
207.217.125.0/24
209.235.144.0/21
209.235.152.0/22
209.235.156.0/24
209.235.157.0/24
216.55.128.0/18
216.55.132.0/22
216.55.144.0/20
216.55.172.0/22
216.55.188.0/22 -
I understand this is solved, but I don't understand how to get this blocked on my Sonicwall. I'm super new at this so dumbing this down will help me learn.
-
Why are you asking a pfSense forum how to do something on your SonicWall? BBcan177 already provided all of the network addresses used by Betternet. Go to your SonicWall config and block those networks.
-
@KOM:
Why are you asking a pfSense forum how to do something on your SonicWall? BBcan177 already provided all of the network addresses used by Betternet. Go to your SonicWall config and block those networks.
Why did I ask? Because I did. Thanks for being a dick though. It really is true! Open Source guys are big assholes.
-
Thanks for being a dick though. It really is true! Open Source guys are big assholes.
Have a nice day.
-
Just to clarify.
betternet VPN/ Proxy bypass URL is actually : betternet.co NOT betternet.com as BBcan117 has ip/subnets for.
So the displayed ip subnets are not effective for blocking betternet VPN/Proxy bypass.
Hope this helps.Barry
-
host -t A betternet.co
betternet.co has address 54.164.234.179
betternet.co has address 52.0.79.127AS | IP | AS Name
14618 | 54.164.234.179 | AMAZON-AES - Amazon.com, Inc.,USProbably going to have issues blocking these IPs as its using Amazon…
Non-Aggregated
A3103 66.7.64.0/19 63.92.12.0/22 63.238.12.0/22 63.238.16.0/23 208.47.248.0/23 209.201.96.0/22 50.19.128.0/17 107.20.0.0/16 107.22.0.0/16 107.21.0.0/18 54.212.0.0/16 54.240.24.0/22 54.253.128.0/17 54.221.0.0/16 54.211.0.0/16 54.213.0.0/16 54.215.192.0/18 54.219.0.0/17 54.202.0.0/15 23.20.0.0/15 107.23.0.0/17 23.22.0.0/15 54.200.0.0/15 54.229.128.0/17 54.207.0.0/17 54.238.128.0/17 54.207.128.0/17 54.204.0.0/15 54.206.0.0/17 54.220.0.0/16 54.219.128.0/18 54.199.0.0/17 54.194.0.0/16 54.255.0.0/17 54.219.192.0/18 54.196.0.0/15 54.193.0.0/17 54.255.128.0/17 54.84.0.0/15 54.178.0.0/17 54.72.0.0/16 54.186.0.0/15 54.242.0.0/15 54.240.8.0/21 54.184.0.0/15 54.195.0.0/16 54.193.128.0/17 54.198.0.0/16 54.80.0.0/14 54.206.128.0/17 54.199.128.0/17 54.73.0.0/16 54.86.0.0/16 54.188.0.0/15 216.182.224.0/21 216.182.224.0/20 216.182.232.0/21 67.202.0.0/18 72.44.32.0/19 75.101.128.0/17 54.234.0.0/15 107.23.128.0/17 50.16.245.0/24 54.236.0.0/18 174.129.0.0/16 107.21.64.0/18 107.21.128.0/17 54.237.0.0/16 54.228.0.0/16 54.232.192.0/18 54.249.64.0/18 54.241.192.0/18 54.241.160.0/19 54.249.128.0/17 54.244.128.0/17 54.236.64.0/18 54.236.128.0/17 54.224.0.0/15 204.236.224.0/19 204.236.192.0/18 184.73.0.0/16 184.72.128.0/17 54.253.0.0/17 54.215.0.0/17 54.244.64.0/18 54.214.0.0/17 54.250.0.0/17 54.250.128.0/18 184.72.64.0/19 54.216.0.0/15 54.208.0.0/15 54.226.0.0/15 54.229.0.0/17 54.232.128.0/18 54.215.128.0/18 54.214.128.0/17 54.240.16.0/24 184.72.96.0/19 54.254.0.0/17 54.218.0.0/17 54.218.128.0/17 54.250.192.0/18 54.254.128.0/17 54.238.0.0/17 50.16.252.0/22 50.17.0.0/16 50.19.0.0/17 54.156.0.0/14 54.151.0.0/17 54.93.32.0/19 54.93.64.0/18 54.93.0.0/19 52.0.0.0/15 54.93.128.0/17 52.64.0.0/17 52.8.0.0/16 185.48.120.0/22 54.95.0.0/17 54.79.0.0/17 54.94.0.0/17 54.87.0.0/16 54.76.0.0/15 52.10.0.0/15 54.152.0.0/16 54.153.0.0/17 54.153.128.0/17 52.16.0.0/15 52.74.0.0/16 54.183.0.0/17 54.176.0.0/15 54.74.0.0/15 54.95.128.0/17 54.89.0.0/16 54.90.0.0/15 54.191.0.0/16 54.233.64.0/18 54.233.128.0/17 52.12.0.0/15 52.28.0.0/16 54.190.0.0/16 54.88.0.0/16 54.179.128.0/18 54.94.128.0/18 54.210.0.0/16 52.68.0.0/15 52.4.0.0/14 52.24.0.0/14 54.92.0.0/17 54.64.0.0/15 54.183.128.0/17 96.127.64.0/18 54.166.0.0/15 54.92.128.0/17 54.164.0.0/15 52.76.0.0/17 54.168.0.0/16 54.68.0.0/15 54.70.0.0/15 54.78.0.0/16 54.179.192.0/18 54.66.0.0/17 54.160.0.0/14 52.2.0.0/15 52.95.52.0/22 54.169.0.0/17 52.18.0.0/15 54.66.128.0/17 54.172.0.0/15 54.171.0.0/16 54.170.0.0/16 54.67.0.0/17 54.174.0.0/15 54.169.128.0/17 54.94.192.0/18 54.144.0.0/14 54.148.0.0/15 54.151.128.0/17 54.150.0.0/16 54.93.0.0/16 54.79.128.0/17 54.178.128.0/17 54.154.0.0/16 54.155.0.0/16 52.20.0.0/14 52.95.241.0/24 52.95.243.0/24 52.95.242.0/24 52.95.244.0/24 52.95.245.0/24 52.95.240.0/24 52.95.246.0/24 52.95.247.0/24 52.64.128.0/17 52.29.0.0/16 52.88.0.0/15 52.70.0.0/15 52.72.0.0/15 52.86.0.0/15 52.90.0.0/15 54.223.32.0/19 54.223.64.0/18 52.30.0.0/15 52.95.248.0/24 52.32.0.0/14 52.76.128.0/17 52.77.0.0/16 52.9.0.0/16 52.52.0.0/15 52.192.0.0/15 23.20.0.0/14 50.16.0.0/16 50.16.0.0/14 50.112.0.0/16 52.65.0.0/16 52.62.0.0/15 52.48.0.0/14 198.18.84.0/23Aggregated
23.20.0.0/14 50.16.0.0/14 50.112.0.0/16 52.0.0.0/13 52.8.0.0/14 52.12.0.0/15 52.16.0.0/12 52.32.0.0/14 52.48.0.0/14 52.52.0.0/15 52.62.0.0/15 52.64.0.0/15 52.68.0.0/14 52.72.0.0/15 52.74.0.0/16 52.76.0.0/15 52.86.0.0/15 52.88.0.0/14 52.95.52.0/22 52.95.240.0/21 52.95.248.0/24 52.192.0.0/15 54.64.0.0/15 54.66.0.0/16 54.67.0.0/17 54.68.0.0/14 54.72.0.0/13 54.80.0.0/12 54.144.0.0/12 54.160.0.0/12 54.176.0.0/15 54.178.0.0/16 54.179.128.0/17 54.183.0.0/16 54.184.0.0/13 54.193.0.0/16 54.194.0.0/15 54.196.0.0/14 54.200.0.0/13 54.208.0.0/13 54.216.0.0/14 54.220.0.0/15 54.223.32.0/19 54.223.64.0/18 54.224.0.0/14 54.228.0.0/15 54.232.128.0/17 54.233.64.0/18 54.233.128.0/17 54.234.0.0/15 54.236.0.0/15 54.238.0.0/16 54.240.8.0/21 54.240.16.0/24 54.240.24.0/22 54.241.160.0/19 54.241.192.0/18 54.242.0.0/15 54.244.64.0/18 54.244.128.0/17 54.249.64.0/18 54.249.128.0/17 54.250.0.0/16 54.253.0.0/16 54.254.0.0/15 63.92.12.0/22 63.238.12.0/22 63.238.16.0/23 66.7.64.0/19 67.202.0.0/18 72.44.32.0/19 75.101.128.0/17 96.127.64.0/18 107.20.0.0/14 174.129.0.0/16 184.72.64.0/18 184.72.128.0/17 184.73.0.0/16 185.48.120.0/22 198.18.84.0/23 204.236.192.0/18 208.47.248.0/23 209.201.96.0/22 216.182.224.0/20 -
May we know how this list of IPs can be updated? whois just lists 52.0.0.0/11….
-
Can someone help with blocking betternet?
I tried to block access to the following, but it doesn't work.
54.164.234.179
52.0.79.127When I run the following, I get a different IP than previously posted:
host -t A betternet.co
betternet.co has address 146.112.61.104Thanks!
-
Did you read any of the previous posts in this thread?? Betternet has a lot more IP addresses than just those two you listed.
-
I wasn't sure if it was necessary to block all of those IPs. I'll give that a go. Thanks for the reply KOM.
-
Wow. That's all I can say. Not only are the "hero members" here rude, they are terrible at their job. The proper way to find out how to block this app is not to use zenmap on the client. You should be looking at firewall logs filtered by the client's IP. If you listen to the "heros" here you are blocking huge blocks of AWS (legit websites) and IP blocks that aren't even pulic. I was hoping to google up a quick fix before I installed it and watched it, and this isn't it.
-
host -t A betternet.co
betternet.co has address 54.164.234.179
betternet.co has address 52.0.79.127AS | IP | AS Name
14618 | 54.164.234.179 | AMAZON-AES - Amazon.com, Inc.,USProbably going to have issues blocking these IPs as its using Amazon…
For Betternet, its not so easy to block as its intermingled in Amazon, as per my previous post.
I don't use betternet, but some google searching didn't return any lists of IPs… If your going to watch the firewall logs, its also going to be hit and miss...
-
Uh, yeah it's not that easy because you are doing it wrong. If you are doing it right it's certainly not " hit or miss". It connects to AWS servers first on 443, then it sends all traffic though 8080 on different servers. You would see this if you were looking at it correctly instead of doing a whois on betternet. Just in case anyone doesn't want to block huge blocks of legit IPs, here is the answer: block 172.98.85.0/23.
-
@KOM:
Have a nice day.
My mom always said ignorance is bliss and being smart has its drawbacks. All you can do is ignore the drama and say "have a nice day".
-
So the guy that has been nothing but rude, and has no idea what he is talking about is the smart one in your estimation? This board's "heros" are real winners.
