Re: [squid-users] ULTRASURF (anti-filtering program) problem

From: Amos Jeffries <[email protected]>
Date: Tue, 22 Jan 2008 18:17:44 +1300

Amos Jeffries wrote:
> SSCR Internet Admin wrote:
>> Hi,
>>
>> This is an off topic, but here it goes...
>>
>> I would like to ask if anyone from squid mailing list has stumble upon
>> ultrasurf that can bypass any filtering products such as squidguard.
>> I have
>> setup a test pc with ip being blocked on squidguard. But to my
>> surprise it
>> bypass everything ive setup and with ultrasurf running on my test pc, IE
>> internet setting has been changed to use 127.0.0.1 using port 9666.
>>
>> I know that this is a kernel level issue and I havent successfully
>> blocked
>> 9666 via iptables, maybe someone could try it out and maybe come up
>> with a
>> solution, before young students could have this program since you
>> don't need
>> to install this on a PC, just run u.exe and youre done bypassing.
>>
>>
>> Thank you and God bless...
>>
>
> Never heard of them. But going by the documentation they are
> HTTPS-tunneling all traffic from the localhost outbound.
>
> You and most would naturally allow HTTPS CONNECT requests through
> without filters for all the banking and secure sites that need it.

And a read of the code confirms it. Seems to be interfacing with PuTTY,
stunnel, and several HTTP CONNECT methods.

>
> If I'm right about it using HTTPS-tunnels you will need squid 3.1 with
> SSLBump to filter this programs traffic properly. We are just awaiting
> some of Alex's time for the SSLBump to be integrated fully into the
> daily snapshots.

Amos

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Mon Jan 21 2008 - 22:17:47 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST