[Snort-users] Ultrasurf Block Problem

Ryan Jordan ryan.jordan at ...1935...
Tue Feb 10 11:29:40 EST 2009

Trying to block Ultrasurf is going to be a major pain in the butt. From what
I can tell (after a few minutes' googling), it automates the process of
finding new proxy servers. At the network level, your safest bet would be to
restrict outgoing SSL traffic except for a whitelist of sites you trust.

If you have admin rights for the machines in your organization, you might
try preventing people from running the software in the first place. However,
this falls outside the realm of "snort help" and I wouldn't be much use to


On Tue, Feb 10, 2009 at 8:34 AM, Joel Esler <eslerj at ...11827...> wrote:

> Snort in Inline mode is able to drop traffic, however you'd need to write a
> rule to detect the ultrasurf traffic.  This can be done if you have a pcap
> of the traffic you'd like to defend against.
> On Tue, Feb 10, 2009 at 4:02 AM, Pardeep Sharma <
> pardeep.kumar at ...14516...> wrote:
>> Hi,
>> Plz can u tell me how can block ultrasurf using snort
> --
> Joel Esler
> http://www.joelesler.net
> ------------------------------------------------------------------------------
> Create and Deploy Rich Internet Apps outside the browser with
> Adobe(R)AIR(TM)
> software. With Adobe AIR, Ajax developers can use existing skills and code
> to
> build responsive, highly engaging applications that combine the power of
> local
> resources and data with the reach of the web. Download the Adobe AIR SDK
> and
> Ajax docs to start building applications today-
> http://p.sf.net/sfu/adobe-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090210/4b3efce0/attachment.html>

More information about the Snort-users mailing list