How To Block UltraSurf on Mikrotik

Someone asked how to block Ultrasurf in mikroti, honestly I have never seen customers using Ultrasurf, so do not know exactly what should be on the block.

Search on google about it a lot also block Ultrasurf wrote it, and the following results on the search for the block Ultrasurf with layer7 mikrotik

(Block Ultra Surf Ini dari forum.mikrotik.com

/ip firewall layer7-protocol
add name=ultrasurf regexp="^\16\03\01\00\41\01\00\00\3D\03\01"


/ip firewall mangle
add chain=prerouting action=add-dst-to-address-list protocol=tcp\
address-list=ultrasurf address-list-timeout=0s layer7-protocol=ultrasurf\ in-interface=lan dst-port=443

Working or not please try it, I have not tried

To block Ultrasurf in squid open / etc / squid.conf and then put the following line in the config squid ( rippingthepinguin )


# bloking UltraSurf/Skype
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
http_access deny CONNECT numeric_IPs all

Ultrasurf block with iptables ( forum.Mikrotik.com )


iptables -I FORWARD -m tcp -p tcp --dport 443 -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j DROP


iptables -I FORWARD -m tcp -p tcp --tcp-flags SYN,ACK,FIN,RST,PSH ACK,PSH -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j DROP

This will block the tcp packet sent from client to tcp-flags ACK, PSH set and contains a "Client Hello".

Once again I have not tried it.

Posted by Unknown on Jumat, 10 Februari 2012 - Rating: 4.5

Title : How To Block UltraSurf on Mikrotik
Description : Someone asked how to block Ultrasurf in mikroti, honestly I have never seen customers using Ultrasurf, so do not know exactly what should ...

Tweet