Netgate Discussion Forum

How to Block free gate proxy application

General pfSense Questions
10 Posts 4 Posters 6.9k Views
  • D
    deepakaagrwal
    last edited by Nov 28, 2013, 7:10 AM

    Hi, I am new to this forum. It would be appreciated if someone could help me block the Freegate proxy software in pfSense so that clients cannot bypass it.
    Thanks in advance.

    • S
      stephenw10 Netgate Administrator
      last edited by Nov 28, 2013, 7:10 PM

      You have a link to that software?
      It can be very difficult to block these types of applications because they are specifically designed to get around blocks!

      Steve

      • D
        deepakaagrwal
        last edited by Nov 29, 2013, 11:23 AM

        Can we do this through firewall rules by blocking ports?

        • M
          mendilli
          last edited by Nov 29, 2013, 2:14 PM

          If I were an expert on firewalling I would say "block everything in the first place, then only allow what you use".

          • D
            deepakaagrwal
            last edited by Nov 29, 2013, 4:54 PM

            Dear all,

            How can we block traffic from proxy software such as Freegate, Tor, Hotspot Shield, Ultrasurf and many more? Can't we block it through a single rule by allowing only trusted traffic? Some users also use Chrome or Firefox extensions like Hola to bypass the pfSense box; can't we block it?

            • S
              stephenw10 Netgate Administrator
              last edited by Nov 29, 2013, 4:56 PM

              Yes do that^. However it probably won't block the proxy program because they usually use common ports which you will have to allow for exactly this reason, say 443 or 53.
              We need more info on the exact program you're asking about.

              Steve

              • S
                stephenw10 Netgate Administrator
                last edited by Nov 29, 2013, 5:05 PM

                Ah, OK.
                So ultrasurf in particular is difficult to block.
                I have never tried to do it but there have been several threads on the forum discussing blocking methods and also several good articles on blogs I've read.

                Steve

                • D
                  deepakaagrwal
                  last edited by Nov 30, 2013, 2:17 AM

                  OK, I'm waiting for your valuable reply so that I can make my pfSense box most effective.

                  • N
                    Nachtfalke
                    last edited by Nov 30, 2013, 1:38 PM

                    Hi,

                    It is the same as with TeamViewer. The possibilities you have are:

                    • Only allow ports you need and block everything else.

                    • Use a proxy like squid and a filter like squidguard or dansguardian and block the domains for the programs you would like to block, and disallow bypassing by plain IP address.

                    • If it cannot be blocked by port because the applications use common ports like 443 and you need this for your other users, then create a host alias and put in the domains and subdomains these applications connect to. Then add these aliases into a block rule as destination IP on your firewall rules.

                    You probably need to log all traffic and connections when using the specific program to log which ports and destination IPs this program uses. Then block it and try again. Many programs use different ports and IP addresses if one isn't reachable.
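
Added example, not part of the post above and not pfSense project code: a sketch of the log-then-block-then-retry loop, assuming the comma-separated `filterlog` entries written by current pfSense releases. `CLIENT`, `ALLOWED_PORTS` and the log lines are constructed for illustration (documentation address ranges, TCP fields shortened).

```python
from collections import Counter

ALLOWED_PORTS = {53, 80, 443}  # assumption: ports that must stay open for users
CLIENT = "192.168.1.50"        # assumption: test machine running the program

# Constructed filterlog lines: ROUND_1 before any destination block,
# ROUND_2 after 198.51.100.7 was added to a block alias.
ROUND_1 = """\
Nov 30 13:40:01 fw filterlog: 70,,,1700000001,em1,match,pass,in,4,0x0,,64,1,0,DF,6,tcp,60,192.168.1.50,198.51.100.7,50001,443,0,S
Nov 30 13:40:02 fw filterlog: 70,,,1700000001,em1,match,pass,in,4,0x0,,64,2,0,DF,6,tcp,60,192.168.1.50,198.51.100.7,50002,443,0,S
Nov 30 13:40:03 fw filterlog: 9,,,1000000103,em1,match,block,in,4,0x0,,64,3,0,DF,6,tcp,60,192.168.1.50,198.51.100.8,50003,8080,0,S
Nov 30 13:40:04 fw filterlog: 70,,,1700000001,em1,match,pass,in,4,0x0,,64,4,0,DF,6,tcp,60,192.168.1.60,203.0.113.9,50004,443,0,S
"""
ROUND_2 = """\
Nov 30 14:05:01 fw filterlog: 8,,,1700000002,em1,match,block,in,4,0x0,,64,5,0,DF,6,tcp,60,192.168.1.50,198.51.100.7,50010,443,0,S
Nov 30 14:05:02 fw filterlog: 70,,,1700000001,em1,match,pass,in,4,0x0,,64,6,0,DF,6,tcp,60,192.168.1.50,203.0.113.20,50011,443,0,S
Nov 30 14:05:03 fw filterlog: 70,,,1700000001,em1,match,pass,in,4,0x0,,64,7,0,DF,6,tcp,60,192.168.1.50,203.0.113.21,50012,80,0,S
"""

def parse(line):
    """Return (src, dst, dport) for an IPv4 TCP/UDP entry, else None."""
    f = line.partition("filterlog: ")[2].split(",")
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return f[18], f[19], int(f[21])

def destinations(log, client=CLIENT):
    """Count (dst, dport) pairs the client tried to reach, passed or blocked."""
    hits = Counter()
    for src, dst, dport in filter(None, map(parse, log.splitlines())):
        if src == client:
            hits[(dst, dport)] += 1
    return hits

def review(before, after, client=CLIENT):
    seen, retry = destinations(before, client), destinations(after, client)
    every = seen + retry
    return {
        # On a port that must stay open: a port rule cannot stop these.
        "alias_candidates": sorted(d for d in every if d[1] in ALLOWED_PORTS),
        # On any other port: already covered by "allow only what you need".
        "port_blockable": sorted(d for d in every if d[1] not in ALLOWED_PORTS),
        # First seen only after the block: the program moved to other servers.
        "fallback": sorted(set(retry) - set(seen)),
    }

if __name__ == "__main__":
    print(review(ROUND_1, ROUND_2))
```

The result is a candidate list for manual review; ordinary browsing from the test client lands in the same output, so capture with nothing else running on it.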

                    • S
                      stephenw10 Netgate Administrator
                      last edited by Nov 30, 2013, 2:26 PM

                      Using Snort with a specific signature for Ultrasurf seems like a better way to do it. Maybe using Layer7 with a specific pattern. Although even using these will fail eventually as Ultrasurf employs many techniques to disguise itself.
                      If you look at firewalls that claim to be able to block it (Watchguard, Sonicwall) they are doing it using Layer7 pattern recognition.

                      You can attempt to block the IPs Ultrasurf uses for its servers but it will fail eventually as the list is a constantly moving target.

                      Steve
