How to block dodge chrome?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to block dodge chrome?

L1 Bithead

Hi.. all

Do you know "dodge chrome"?

This is bypass the url filtering by the modified google chrome.

(http method : get \r\n )

I do not find the related signature in palo alto applipdia.(app-id , ips , virus)

How to block dodge chrome?

1 accepted solution

Accepted Solutions

L4 Transporter

Finally found a build of DodgeChrome with some google-fu and did some testing.  Traffic generated by this client is identified as unknown-tcp by the firewall, not web-browsing.  If you block unknown-tcp the client will be unable to transfer data. 


Custom signatures will not be possible for this because the string you are looking for is less than 7 bytes, and with the session identified as unknown-tcp you can not utilize HTTP contexts for pattern matching.


View solution in original post

4 REPLIES 4

L7 Applicator

Hello Wooki,

Could you please go through this doc:

?

Enabling Strip X-Forward-For Feature Blocks Communications to Certain Websites

Did you try the custom signature to block this:

Creating Custom Threat Signatures

Custom Application Signatures

Thanks

L7 Applicator

You can probably do a packet capture and modify this procedure that blocks Chrome to be unique for Dodge Chrome.

How to Block Google Chrome

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L4 Transporter

Finally found a build of DodgeChrome with some google-fu and did some testing.  Traffic generated by this client is identified as unknown-tcp by the firewall, not web-browsing.  If you block unknown-tcp the client will be unable to transfer data. 


Custom signatures will not be possible for this because the string you are looking for is less than 7 bytes, and with the session identified as unknown-tcp you can not utilize HTTP contexts for pattern matching.


Thanks a lot !!!!

  • 1 accepted solution
  • 3223 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!