How to block dodge chrome?

Announcements
Attention: The LIVEcommunity is experiencing an interruption with videos in some areas. We apologize for any inconvenience this may cause. Thank you for your patience as we work towards a solution to restore videos.
Reply
Highlighted
L1 Bithead

How to block dodge chrome?

Hi.. all

Do you know "dodge chrome"?

This is bypass the url filtering by the modified google chrome.

(http method : get \r\n )

I do not find the related signature in palo alto applipdia.(app-id , ips , virus)

How to block dodge chrome?


Accepted Solutions
Highlighted
L4 Transporter

Re: How to block dodge chrome?

Finally found a build of DodgeChrome with some google-fu and did some testing.  Traffic generated by this client is identified as unknown-tcp by the firewall, not web-browsing.  If you block unknown-tcp the client will be unable to transfer data. 


Custom signatures will not be possible for this because the string you are looking for is less than 7 bytes, and with the session identified as unknown-tcp you can not utilize HTTP contexts for pattern matching.


View solution in original post


All Replies
Highlighted
L7 Applicator

Re: How to block dodge chrome?

Hello Wooki,

Could you please go through this doc:

?

Enabling Strip X-Forward-For Feature Blocks Communications to Certain Websites

Did you try the custom signature to block this:

Creating Custom Threat Signatures

Custom Application Signatures

Thanks

Highlighted
L7 Applicator

Re: How to block dodge chrome?

You can probably do a packet capture and modify this procedure that blocks Chrome to be unique for Dodge Chrome.

How to Block Google Chrome

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Highlighted
L4 Transporter

Re: How to block dodge chrome?

Finally found a build of DodgeChrome with some google-fu and did some testing.  Traffic generated by this client is identified as unknown-tcp by the firewall, not web-browsing.  If you block unknown-tcp the client will be unable to transfer data. 


Custom signatures will not be possible for this because the string you are looking for is less than 7 bytes, and with the session identified as unknown-tcp you can not utilize HTTP contexts for pattern matching.


View solution in original post

Highlighted
L1 Bithead

Re: How to block dodge chrome?

Thanks a lot !!!!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!