This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Block PSIPHON 3

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block PSIPHON 3

Go to solution
VinceM
L5 Sessionator

‎09-21-2015 08:10 AM - edited ‎09-21-2015 08:11 AM

Hi all,

 

Does anybody already try with success to block Psiphon (https://www.psiphon3.com) ?

It's quite easy when psiphon is configured in VPN mode but how can I do that when VPN is not used ?

 

Thanks in advance for sharing.

 

V.

1 person had this problem.
Labels:
0 Likes Likes
13 REPLIES 13

Go to solution
VinceM
L5 Sessionator
In response to OtakarKlier

‎09-23-2015 06:19 AM

HI,

 

Thx for your help.

But it seem it's not enaugh for blocking psiphon 😞

I ask for new app.

 

V.

Go to solution
VinceM
L5 Sessionator

‎10-08-2015 12:39 AM

Hi all,

 

After opening a case, the answer is: Decryption enabled (blocking unsupported cypher-suite) + denying 'psiphon' application in security policy should be enough.

 

Need to be tested.

 

V.

0 Likes Likes

Go to solution
Kali
L2 Linker
In response to VinceM

‎10-08-2015 07:45 AM

Hi, can you elaborate more of your settings?

 

Decrypting all or just specific sites/url categories?

Go to solution
mvidic
L2 Linker
In response to Kali

‎12-08-2015 12:19 AM - edited ‎12-08-2015 12:36 AM

Hi everyone.

In my experience SSL decryption and blocking the application Psiphon was not enough, it was only the first step. Psihon was stll able to connect. I discovered that Psiphon creates a Proxy service on localhost and changes proxy settings in browser to redirect browser traffic over Psiphon application. Psiphon application then forwards the traffic to the internet by its own sneaky methods:) I did Wireshark analysis and discovered that after SSL connection was blocked by PAN, Psiphon created a gzip encoded streaming tunel over tcp port 80 and PAN recognised it as "web-browsing" which was allowed. I tried to create a custom application but without success.

We successfully blocked the Psiphon by implementing SSL Decryption, blocking Psiphon application in the security policy and also by preventing users from changing their proxy settings using domain group policy.

Creating custom application signature for port 80 traffic and blocking it in the security policy on PAN would be more elegant but my signature caused too many false positives and it was easier to create a group policy.

 

LPM

Go to solution
seleftherakis
L1 Bithead

‎12-10-2015 01:09 AM

Hello,
from my testing, blocking just Psiphon while using decryption was not enough. If you leave the client to try and connect long enough, it will still connect.
The best results I've got was by blocking the following:
http-proxy
ike
ipsec (not ipsec-udp)
l2tp
psiphon
ssh
ssh-tunnel
unknown-tcp

with application-default

Regards,
Stavros

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks