*SOLVED* Block Betternet servers

KOM

You run a test where you run the Betternet software on one of your LAN clients, and do a packet capture for that LAN client's traffic to see how the software is talking.  Use that data to further craft your firewall rules.  It all boils down to either IP addresses or ports.  Global VPN services usually have points of presence in several countries, so you need to literally compile a list of every one of Betternet's nodes, and add them all to an alias, then create a firewall rule to block all traffic to that alias.

You could also try using a domain override to resolve *.betternet.co to localhost.

brcisna

Hello All,

Just trying to keep this post alive.
Have tried wiresharking the client PC, as suggested. Seems it is a never ending cycle of going to a different public IP subnet on betternet server end.
I have done the cumulative ip subnet to an alias for Facebook block (for https) and want to do the same for betternet.
Have looked high and low for possibly a cumulative listing of betternet server subnets but simply can't seem to find anything.

Thanks,
Barry

BBcan177

betternet.com has address 64.29.145.9

AS      | IP                  | AS Name
30447  | 64.29.145.9      | INFB2-AS - InternetNamesForBusiness.com,US

AS30447

64.29.144.0/20
66.175.0.0/18
66.226.64.0/21
66.226.80.0/20
69.49.112.0/23
69.49.112.0/24
69.49.113.0/24
69.49.115.0/24
69.49.116.0/22
69.49.116.0/24
69.49.117.0/24
69.49.118.0/24
69.49.124.0/22
149.115.0.0/16
149.115.16.0/20
149.115.32.0/20
149.115.48.0/20
206.225.88.0/22
207.217.125.0/24
209.235.144.0/21
209.235.152.0/22
209.235.156.0/24
209.235.157.0/24
216.55.128.0/18
216.55.132.0/22
216.55.144.0/20
216.55.172.0/22
216.55.188.0/22

Guest

I understand this is solved, but I don't understand how to get this blocked on my Sonicwall. I'm super new at this so dumbing this down will help me learn.

KOM

Why are you asking a pfSense forum how to do something on your SonicWall?  BBcan177 already provided all of the network addresses used by Betternet.  Go to your SonicWall config and block those networks.

Guest

@KOM:

Why are you asking a pfSense forum how to do something on your SonicWall?  BBcan177 already provided all of the network addresses used by Betternet.  Go to your SonicWall config and block those networks.

Why did I ask? Because I did.  Thanks for being a dick though. It really is true! Open Source guys are big assholes.

KOM

Thanks for being a dick though. It really is true! Open Source guys are big assholes.

Have a nice day.

brcisna

Just to clarify.

betternet VPN/ Proxy bypass URL is actually : betternet.co NOT betternet.com  as BBcan117 has ip/subnets for.
So the displayed ip subnets are not effective for blocking betternet VPN/Proxy bypass.
Hope this helps.

Barry

BBcan177

host -t A betternet.co
betternet.co has address 54.164.234.179
betternet.co has address 52.0.79.127

AS        | IP                      | AS Name
14618  | 54.164.234.179  | AMAZON-AES - Amazon.com, Inc.,US

Probably going to have issues blocking these IPs as its using Amazon…

Non-Aggregated

A3103
66.7.64.0/19
63.92.12.0/22
63.238.12.0/22
63.238.16.0/23
208.47.248.0/23
209.201.96.0/22
50.19.128.0/17
107.20.0.0/16
107.22.0.0/16
107.21.0.0/18
54.212.0.0/16
54.240.24.0/22
54.253.128.0/17
54.221.0.0/16
54.211.0.0/16
54.213.0.0/16
54.215.192.0/18
54.219.0.0/17
54.202.0.0/15
23.20.0.0/15
107.23.0.0/17
23.22.0.0/15
54.200.0.0/15
54.229.128.0/17
54.207.0.0/17
54.238.128.0/17
54.207.128.0/17
54.204.0.0/15
54.206.0.0/17
54.220.0.0/16
54.219.128.0/18
54.199.0.0/17
54.194.0.0/16
54.255.0.0/17
54.219.192.0/18
54.196.0.0/15
54.193.0.0/17
54.255.128.0/17
54.84.0.0/15
54.178.0.0/17
54.72.0.0/16
54.186.0.0/15
54.242.0.0/15
54.240.8.0/21
54.184.0.0/15
54.195.0.0/16
54.193.128.0/17
54.198.0.0/16
54.80.0.0/14
54.206.128.0/17
54.199.128.0/17
54.73.0.0/16
54.86.0.0/16
54.188.0.0/15
216.182.224.0/21
216.182.224.0/20
216.182.232.0/21
67.202.0.0/18
72.44.32.0/19
75.101.128.0/17
54.234.0.0/15
107.23.128.0/17
50.16.245.0/24
54.236.0.0/18
174.129.0.0/16
107.21.64.0/18
107.21.128.0/17
54.237.0.0/16
54.228.0.0/16
54.232.192.0/18
54.249.64.0/18
54.241.192.0/18
54.241.160.0/19
54.249.128.0/17
54.244.128.0/17
54.236.64.0/18
54.236.128.0/17
54.224.0.0/15
204.236.224.0/19
204.236.192.0/18
184.73.0.0/16
184.72.128.0/17
54.253.0.0/17
54.215.0.0/17
54.244.64.0/18
54.214.0.0/17
54.250.0.0/17
54.250.128.0/18
184.72.64.0/19
54.216.0.0/15
54.208.0.0/15
54.226.0.0/15
54.229.0.0/17
54.232.128.0/18
54.215.128.0/18
54.214.128.0/17
54.240.16.0/24
184.72.96.0/19
54.254.0.0/17
54.218.0.0/17
54.218.128.0/17
54.250.192.0/18
54.254.128.0/17
54.238.0.0/17
50.16.252.0/22
50.17.0.0/16
50.19.0.0/17
54.156.0.0/14
54.151.0.0/17
54.93.32.0/19
54.93.64.0/18
54.93.0.0/19
52.0.0.0/15
54.93.128.0/17
52.64.0.0/17
52.8.0.0/16
185.48.120.0/22
54.95.0.0/17
54.79.0.0/17
54.94.0.0/17
54.87.0.0/16
54.76.0.0/15
52.10.0.0/15
54.152.0.0/16
54.153.0.0/17
54.153.128.0/17
52.16.0.0/15
52.74.0.0/16
54.183.0.0/17
54.176.0.0/15
54.74.0.0/15
54.95.128.0/17
54.89.0.0/16
54.90.0.0/15
54.191.0.0/16
54.233.64.0/18
54.233.128.0/17
52.12.0.0/15
52.28.0.0/16
54.190.0.0/16
54.88.0.0/16
54.179.128.0/18
54.94.128.0/18
54.210.0.0/16
52.68.0.0/15
52.4.0.0/14
52.24.0.0/14
54.92.0.0/17
54.64.0.0/15
54.183.128.0/17
96.127.64.0/18
54.166.0.0/15
54.92.128.0/17
54.164.0.0/15
52.76.0.0/17
54.168.0.0/16
54.68.0.0/15
54.70.0.0/15
54.78.0.0/16
54.179.192.0/18
54.66.0.0/17
54.160.0.0/14
52.2.0.0/15
52.95.52.0/22
54.169.0.0/17
52.18.0.0/15
54.66.128.0/17
54.172.0.0/15
54.171.0.0/16
54.170.0.0/16
54.67.0.0/17
54.174.0.0/15
54.169.128.0/17
54.94.192.0/18
54.144.0.0/14
54.148.0.0/15
54.151.128.0/17
54.150.0.0/16
54.93.0.0/16
54.79.128.0/17
54.178.128.0/17
54.154.0.0/16
54.155.0.0/16
52.20.0.0/14
52.95.241.0/24
52.95.243.0/24
52.95.242.0/24
52.95.244.0/24
52.95.245.0/24
52.95.240.0/24
52.95.246.0/24
52.95.247.0/24
52.64.128.0/17
52.29.0.0/16
52.88.0.0/15
52.70.0.0/15
52.72.0.0/15
52.86.0.0/15
52.90.0.0/15
54.223.32.0/19
54.223.64.0/18
52.30.0.0/15
52.95.248.0/24
52.32.0.0/14
52.76.128.0/17
52.77.0.0/16
52.9.0.0/16
52.52.0.0/15
52.192.0.0/15
23.20.0.0/14
50.16.0.0/16
50.16.0.0/14
50.112.0.0/16
52.65.0.0/16
52.62.0.0/15
52.48.0.0/14
198.18.84.0/23

Aggregated

23.20.0.0/14
50.16.0.0/14
50.112.0.0/16
52.0.0.0/13
52.8.0.0/14
52.12.0.0/15
52.16.0.0/12
52.32.0.0/14
52.48.0.0/14
52.52.0.0/15
52.62.0.0/15
52.64.0.0/15
52.68.0.0/14
52.72.0.0/15
52.74.0.0/16
52.76.0.0/15
52.86.0.0/15
52.88.0.0/14
52.95.52.0/22
52.95.240.0/21
52.95.248.0/24
52.192.0.0/15
54.64.0.0/15
54.66.0.0/16
54.67.0.0/17
54.68.0.0/14
54.72.0.0/13
54.80.0.0/12
54.144.0.0/12
54.160.0.0/12
54.176.0.0/15
54.178.0.0/16
54.179.128.0/17
54.183.0.0/16
54.184.0.0/13
54.193.0.0/16
54.194.0.0/15
54.196.0.0/14
54.200.0.0/13
54.208.0.0/13
54.216.0.0/14
54.220.0.0/15
54.223.32.0/19
54.223.64.0/18
54.224.0.0/14
54.228.0.0/15
54.232.128.0/17
54.233.64.0/18
54.233.128.0/17
54.234.0.0/15
54.236.0.0/15
54.238.0.0/16
54.240.8.0/21
54.240.16.0/24
54.240.24.0/22
54.241.160.0/19
54.241.192.0/18
54.242.0.0/15
54.244.64.0/18
54.244.128.0/17
54.249.64.0/18
54.249.128.0/17
54.250.0.0/16
54.253.0.0/16
54.254.0.0/15
63.92.12.0/22
63.238.12.0/22
63.238.16.0/23
66.7.64.0/19
67.202.0.0/18
72.44.32.0/19
75.101.128.0/17
96.127.64.0/18
107.20.0.0/14
174.129.0.0/16
184.72.64.0/18
184.72.128.0/17
184.73.0.0/16
185.48.120.0/22
198.18.84.0/23
204.236.192.0/18
208.47.248.0/23
209.201.96.0/22
216.182.224.0/20

jdusablon

May we know how this list of IPs can be updated? whois just lists 52.0.0.0/11….

homerzzzpf

Can someone help with blocking betternet?

I tried to block access to the following, but it doesn't work.
54.164.234.179
52.0.79.127

When I run the following, I get a different IP than previously posted:

host -t A betternet.co
betternet.co has address 146.112.61.104

Thanks!

KOM

Did you read any of the previous posts in this thread??  Betternet has a lot more IP addresses than just those two you listed.

homerzzzpf

I wasn't sure if it was necessary to block all of those IPs. I'll give that a go. Thanks for the reply KOM.

cbii

Wow. That's all I can say. Not only are the "hero members" here rude, they are terrible at their job. The proper way to find out how to block this app is not to use zenmap on the client. You should be looking at firewall logs filtered by the client's IP. If you listen to the "heros" here you are blocking huge blocks of AWS (legit websites) and IP blocks that aren't even pulic. I was hoping to google up a quick fix before I installed it and watched it, and this isn't it.

BBcan177

@BBcan177:

host -t A betternet.co
betternet.co has address 54.164.234.179
betternet.co has address 52.0.79.127

AS        | IP                      | AS Name
14618  | 54.164.234.179  | AMAZON-AES - Amazon.com, Inc.,US

Probably going to have issues blocking these IPs as its using Amazon…

For Betternet, its not so easy to block as its intermingled in Amazon, as per my previous post.

I don't use betternet, but some google searching didn't return any lists of IPs… If your going to watch the firewall logs, its also going to be hit and miss...

cbii

Uh, yeah it's not that easy because you are doing it wrong. If you are doing it right it's certainly not " hit or miss". It connects to AWS servers first on 443, then it sends all traffic though 8080 on different servers. You would see this if you were looking at it correctly instead of doing a whois on betternet. Just in case anyone doesn't want to block huge blocks of legit IPs, here is the answer: block 172.98.85.0/23.

Harvy66

@KOM:

Have a nice day.

My mom always said ignorance is bliss and being smart has its drawbacks. All you can do is ignore the drama and say "have a nice day".

cbii

So the guy that has been nothing but rude, and has no idea what he is talking about is the smart one in your estimation?  This board's "heros" are real winners.