Re: [squid-users] ULTRASURF (anti-filtering program) problem

From: Amos Jeffries <[email protected]>
Date: Tue, 22 Jan 2008 17:27:05 +1300

SSCR Internet Admin wrote:
> Hi,
>
> This is an off topic, but here it goes...
>
> I would like to ask if anyone from squid mailing list has stumble upon
> ultrasurf that can bypass any filtering products such as squidguard. I have
> setup a test pc with ip being blocked on squidguard. But to my surprise it
> bypass everything ive setup and with ultrasurf running on my test pc, IE
> internet setting has been changed to use 127.0.0.1 using port 9666.
>
> I know that this is a kernel level issue and I havent successfully blocked
> 9666 via iptables, maybe someone could try it out and maybe come up with a
> solution, before young students could have this program since you don't need
> to install this on a PC, just run u.exe and youre done bypassing.
>
>
> Thank you and God bless...
>

Never heard of them. But going by the documentation they are
HTTPS-tunneling all traffic from the localhost outbound.

You and most would naturally allow HTTPS CONNECT requests through
without filters for all the banking and secure sites that need it.

If I'm right about it using HTTPS-tunnels you will need squid 3.1 with
SSLBump to filter this programs traffic properly. We are just awaiting
some of Alex's time for the SSLBump to be integrated fully into the
daily snapshots.

Amos

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Mon Jan 21 2008 - 21:28:30 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST