*SOLVED* Block Betternet servers


  • Hello All,

    EDIT - SOLVED
    Believe we have the betternet servers/service blocked.
    As it turned out, using Zenmap to nmap the betternet servers, it had a very weird "last hop" to actually contact the betternet server.
    Getting this extra last hop ip range/subnet block seems to have blocked this app.
    Hope this may help someone else.
    –----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Anyone have any experience with getting Betternet servers blocked?
    Honestly just found out about this available App today.
    Would appreciate anyone's comments.

    Thank You,
    Barry


  • If you can get a definitive list of IP addresses used by their servers, then it's a snap.  Same thing goes if this service uses particular ports to talk.


  • KOM,

    Thank You for the reply. This is actually a VPN setup, but seems getting their servers IP address range should do the trick.
    From what I've been able to see it hosts on an amazon server cloud?
    Guess we'll just have to download the app and try blocking this ip subnet and see if the client machine fails... hopefully.

    Thanks again,
    Barry


  • Guess we'll just have to download the app and try blocking this ip subnet and see if the client machine fails

    That's how everyone else does it.


  • Hello All,

    I have set up block rules on the firewall for (what I think) is the betternet.co subnet and am still unable to block this website as well as the actual installed App.

    Does anyone have any advice on how or what to do next?

    I tried setting up a block, much the same as https for facebook, and it simply will not be effective.

    Just an FYI. This app acts as a VPN from client to the betternet servers, then out to internet.

    With the client laptop connected to betternet servers via the installed app I can surf Facebook where with the app this is blocked, as expected.

    Thanks,
    Barry


  • You run a test where you run the Betternet software on one of your LAN clients, and do a packet capture for that LAN client's traffic to see how the software is talking.  Use that data to further craft your firewall rules.  It all boils down to either IP addresses or ports.  Global VPN services usually have points of presence in several countries, so you need to literally compile a list of every one of Betternet's nodes, and add them all to an alias, then create a firewall rule to block all traffic to that alias.

    You could also try using a domain override to resolve *.betternet.co to localhost.
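
    The capture-to-alias procedure described in the post above, as an added example that is not part of the original thread: it filters connection records for one LAN client, groups the destinations by port, and collapses them into exact CIDR blocks suitable for a firewall alias. The record format, the client address and all IPs (RFC 5737 documentation ranges) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: one "src_ip dst_ip dst_port" record per connection, as
# might be exported from a packet capture or firewall log. All destination
# addresses are RFC 5737 documentation ranges, not real Betternet nodes.
SAMPLE_CAPTURE = """\
192.168.1.50 203.0.113.10 443
192.168.1.50 198.51.100.4 8080
192.168.1.50 198.51.100.5 8080
192.168.1.50 198.51.100.6 8080
192.168.1.50 198.51.100.7 8080
192.168.1.77 192.0.2.99 80
192.168.1.50 not-an-ip 8080
192.168.1.50 198.51.100.4 8080
"""

def destinations_by_port(capture_text, client_ip):
    """Return {dst_port: set of destination addresses} for one LAN client."""
    client = ipaddress.ip_address(client_ip)
    seen = defaultdict(set)
    for line in capture_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            port = int(fields[2])
        except ValueError:
            continue  # skip malformed rows instead of aborting the run
        if src == client:
            seen[port].add(dst)  # the set de-duplicates repeat connections
    return dict(seen)

def alias_networks(addresses):
    """Collapse observed hosts into the shortest list of CIDRs covering
    exactly those hosts, so no unobserved address ends up blocked."""
    nets = [ipaddress.ip_network(str(a)) for a in addresses]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    by_port = destinations_by_port(SAMPLE_CAPTURE, "192.168.1.50")
    for port in sorted(by_port):
        print(port, alias_networks(by_port[port]))
```

    Because the collapse is exact, the resulting alias never grows beyond what was actually seen in the capture; widening it to a whole provider range is a separate decision.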


  • Hello All,

    Just trying to keep this post alive.
    Have tried wiresharking the client PC, as suggested. Seems it is a never ending cycle of going to a different public IP subnet on betternet server end.
    I have done the cumulative ip subnet to an alias for Facebook block (for https) and want to do the same for betternet.
    Have looked high and low for possibly a cumulative listing of betternet server subnets but simply can't seem to find anything.

    Thanks,
    Barry

  • Moderator

    betternet.com has address 64.29.145.9

    AS      | IP                  | AS Name
    30447  | 64.29.145.9      | INFB2-AS - InternetNamesForBusiness.com,US

    AS30447



  • I understand this is solved, but I don't understand how to get this blocked on my Sonicwall. I'm super new at this so dumbing this down will help me learn.


  • Why are you asking a pfSense forum how to do something on your SonicWall?  BBcan177 already provided all of the network addresses used by Betternet.  Go to your SonicWall config and block those networks.


  • @KOM:

    Why are you asking a pfSense forum how to do something on your SonicWall?  BBcan177 already provided all of the network addresses used by Betternet.  Go to your SonicWall config and block those networks.

    Why did I ask? Because I did.  Thanks for being a dick though. It really is true! Open Source guys are big assholes.


  • Thanks for being a dick though. It really is true! Open Source guys are big assholes.

    Have a nice day.


  • Just to clarify.

    betternet VPN/Proxy bypass URL is actually: betternet.co NOT betternet.com as BBcan177 has ip/subnets for.
    So the displayed ip subnets are not effective for blocking betternet VPN/Proxy bypass.
    Hope this helps.

    Barry

  • Moderator

    host -t A betternet.co
    betternet.co has address 54.164.234.179
    betternet.co has address 52.0.79.127

    AS        | IP                      | AS Name
    14618  | 54.164.234.179  | AMAZON-AES - Amazon.com, Inc.,US

    Probably going to have issues blocking these IPs as it's using Amazon…

    Non-Aggregated

    
    
    

    Aggregated

    
    
    

  • May we know how this list of IPs can be updated? whois just lists 52.0.0.0/11….


  • Can someone help with blocking betternet?

    I tried to block access to the following, but it doesn't work.
    54.164.234.179
    52.0.79.127

    When I run the following, I get a different IP than previously posted:

    host -t A betternet.co
    betternet.co has address 146.112.61.104

    Thanks!


  • Did you read any of the previous posts in this thread??  Betternet has a lot more IP addresses than just those two you listed.


  • I wasn't sure if it was necessary to block all of those IPs. I'll give that a go. Thanks for the reply KOM.


  • Wow. That's all I can say. Not only are the "hero members" here rude, they are terrible at their job. The proper way to find out how to block this app is not to use zenmap on the client. You should be looking at firewall logs filtered by the client's IP. If you listen to the "heroes" here you are blocking huge blocks of AWS (legit websites) and IP blocks that aren't even public. I was hoping to google up a quick fix before I installed it and watched it, and this isn't it.

  • Moderator

    @BBcan177:

    host -t A betternet.co
    betternet.co has address 54.164.234.179
    betternet.co has address 52.0.79.127

    AS        | IP                      | AS Name
    14618  | 54.164.234.179  | AMAZON-AES - Amazon.com, Inc.,US

    Probably going to have issues blocking these IPs as it's using Amazon…

    For Betternet, it's not so easy to block as it's intermingled in Amazon, as per my previous post.

    I don't use betternet, but some google searching didn't return any lists of IPs… If you're going to watch the firewall logs, it's also going to be hit and miss...


  • Uh, yeah it's not that easy because you are doing it wrong. If you are doing it right it's certainly not "hit or miss". It connects to AWS servers first on 443, then it sends all traffic through 8080 on different servers. You would see this if you were looking at it correctly instead of doing a whois on betternet. Just in case anyone doesn't want to block huge blocks of legit IPs, here is the answer: block 172.98.85.0/23.


  • @KOM:

    Have a nice day.

    My mom always said ignorance is bliss and being smart has its drawbacks. All you can do is ignore the drama and say "have a nice day".


  • So the guy that has been nothing but rude, and has no idea what he is talking about is the smart one in your estimation?  This board's "heroes" are real winners.