Ultrasurf Blocking Fail

L5 Sessionator

I believe you have already opened a case, but in case you have not, I would recommend opening a case with support with the following information:

1. Application version of Ultrasurf

2. pcap of the traffic from the client side

3. traffic logs during your testing

4. techsupport file

Hope this helps.

Thanks

Numan

L6 Presenter

This is not working with the last version.

Even using a decryption profile, Ultrasurf works.

L5 Sessionator

I have followed up on the issue. This is currently being investigated by the engineering team.

Thank you

Numan

L2 Linker

It seems Ultrasurf has updated its proxy network. Based on the current version 13.04, PAN detects Ultrasurf and denies it. However, it passes through for some weird reason, and now the software calls for HE.NET, which resides in the USA. I have responded to an older query regarding Ultrasurf, but at that time the software called / connected to Taiwan (HINET), for which I stated to block the whole country to prevent Ultrasurf from connecting. What you can do for now is to double-check your filters and make sure ultrasurf and unknown-tcp are on your app block list. This may not be foolproof, but it can slow "ultrasurf" to a crawl (for the meantime), which is what I'm doing right now. Let's hope the PAN team can resolve this quickly.

L5 Sessionator

Hi,

Same problem with TOR.

V.

L6 Presenter

My suggestion for all evasive apps like Ultrasurf, Tor, etc. is to open a support case when you find failure to block reliably. These apps are constantly evolving to try and evade control (evasive!). Once you have a support case open, upload packet captures of the evasive traffic (capture it locally in your network) to the case. In many cases we find interesting regional differences in the application's evasion tactics. Having packet captures from your particular location is almost always a great help in determining what the app developer has added to the mix to try to fly under the radar.

-Benjamin

L5 Sessionator

Hello All,

I tested this on my firewall with the latest App version (421) and it is being denied.

Regards,

Hari Yadavalli

Not applicable

For the time being we blocked the proxies as follows:

1. SSL decryption

2. Block unknown apps

3. Block unknown URLs

plus the app policy to deny the proxy software.

Not applicable

Try the following for TOR:

1. Enable SSL decryption if you don't want to create a policy with SSL as the application, and in the URL profile block the unknown sites.

2. A second policy to block TOR by denying the application.

3. Block the unknown app also.

L4 Transporter

You should also set block on SSL sessions which can't be decrypted (in the decryption profile). Ultrasurf makes use of unsupported/nonexistent SSL protocol options.
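
An added example, not from any poster or from Palo Alto Networks, for collecting the traffic-log evidence the replies above ask for: it finds clients whose ultrasurf or tor session was denied and that then had an ssl or unknown-tcp session allowed shortly afterwards, which is the "detected and denied, yet passes through" symptom described in the thread. The CSV column names, the 60-second window and the sample rows are assumptions constructed for illustration; map them to your own log export.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. Column names are assumptions for this example,
# not a documented firewall log schema; addresses are documentation ranges.
SAMPLE_LOG = """\
time,src,dst,dport,app,action
2020-11-02 10:00:01,10.1.1.20,198.51.100.7,443,ultrasurf,deny
2020-11-02 10:00:04,10.1.1.20,203.0.113.9,443,ssl,allow
2020-11-02 10:00:09,10.1.1.20,203.0.113.9,443,unknown-tcp,allow
2020-11-02 10:00:30,10.1.1.35,192.0.2.50,443,ssl,allow
2020-11-02 10:09:00,10.1.1.20,192.0.2.80,443,ssl,allow
2020-11-02 10:10:00,10.1.1.41,198.51.100.7,443,tor,deny
2020-11-02 10:10:02,10.1.1.41,203.0.113.77,9001,unknown-tcp,allow
"""

EVASIVE_APPS = {"ultrasurf", "tor"}                     # apps the deny policy targets
FALLBACK_APPS = {"ssl", "unknown-tcp", "unknown-udp"}   # what a retry may be logged as


def find_fallback_sessions(log_text, window_seconds=60):
    """Return (src, denied_app, dst, dport, allowed_app) for each allowed
    fallback session that follows a denied evasive-app session from the
    same source within window_seconds."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    for r in rows:
        r["ts"] = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
    rows.sort(key=lambda r: r["ts"])
    window = timedelta(seconds=window_seconds)
    last_deny = {}   # src -> (timestamp, app) of the most recent evasive-app deny
    findings = []
    for r in rows:
        if r["app"] in EVASIVE_APPS and r["action"] == "deny":
            last_deny[r["src"]] = (r["ts"], r["app"])
        elif r["app"] in FALLBACK_APPS and r["action"] == "allow":
            deny = last_deny.get(r["src"])
            if deny and r["ts"] - deny[0] <= window:
                findings.append((r["src"], deny[1], r["dst"], r["dport"], r["app"]))
    return findings


if __name__ == "__main__":
    for src, denied, dst, dport, allowed in find_fallback_sessions(SAMPLE_LOG):
        print(f"{src}: {denied} denied, then {allowed} allowed to {dst}:{dport}")
```

The destinations it lists are candidates for the client-side packet capture and for review against the unknown-tcp and undecryptable-SSL block settings suggested above; a hit is a lead to investigate, not proof of evasion.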
