Difference between revisions of "How to Detect and Block Hotspot Shield program traffic(openvpn application)"

From MikroTik Wiki
Revision as of 16:22, 23 April 2011

Some companies and organizations have their own security policy: they use the OpenDNS addresses in order to prevent users in the company or organization from accessing certain web sites. There are, however, many proxy and VPN client programs that help users bypass these policies, and one of the most famous and fastest VPN clients is Hotspot Shield. It is a free program and is easy to install and use. Keep in mind that this kind of program does not use a specific TCP or UDP port to establish its VPN connection with the various VPN servers around the world: it does port hopping, and it uses a well-known port number, 443, as the destination port for communicating with the VPN server. I have tried to block it by TCP or UDP port; when I block 443 it cannot establish a connection with the VPN server. I have tried to block it using OpenDNS, but with no success. After searching many web sites I found that I could block this program if I had a digital signature for it, but I don't have one. I also found that we can match its connections on TCP port 80 with content 127.0.0.1:895 in order to see the traffic that the program sends. Although we can match the traffic this way, the match alone does not block it.

If you want to block this traffic on MikroTik RouterOS v3.30, you have to add the following rules to the mangle and firewall filter tables.

mangle rules

/ip firewall mangle
# tcp/80 packets carrying the string 127.0.0.1:895 identify the client; keep it listed for 1h
add action=add-src-to-address-list address-list=HotSpotShieldUsers \
    address-list-timeout=1h chain=prerouting comment=HotSpotShieldUsers \
    content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
# every destination a listed client talks to is recorded as a server for 4w2d
add action=add-dst-to-address-list address-list=HotSpotShieldServers \
    address-list-timeout=4w2d chain=prerouting comment=HotSpotShieldServers \
    disabled=no src-address-list=HotSpotShieldUsers


firewall rules

/ip firewall filter
# log every forwarded packet from a listed client (log-prefix=HotSpotShield)
add action=log chain=forward comment="\"Block HotSpot Shield\"" disabled=no \
    log-prefix=HotSpotShield src-address-list=HotSpotShieldUsers
# drop traffic to the recorded servers and traffic from the listed clients
add action=drop chain=forward comment="\"Block HotSpot Shield Servers\"" \
    disabled=no dst-address-list=HotSpotShieldServers
add action=drop chain=forward comment="\"Block HotSpot Shield Users\"" \
    disabled=no src-address-list=HotSpotShieldUsers
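To see what the two address lists actually do over time, here is an added Python simulation of the rule set above. It is not RouterOS code and not part of the original wiki page: it replays a constructed packet trace through the two mangle rules (content match, then destination collection) and the three filter rules (log, drop servers, drop users), using the 1h and 4w2d timeouts from the rules. All client and server addresses, the timings and the HTTP payload are made up; the assumption that a repeated match refreshes an entry's expiry is a simplification.

```python
from dataclasses import dataclass, field

HOUR = 3600
USERS_TIMEOUT = 1 * HOUR                    # address-list-timeout=1h
SERVERS_TIMEOUT = (4 * 7 + 2) * 24 * HOUR   # address-list-timeout=4w2d (30 days)


@dataclass
class Packet:
    t: int            # seconds since the start of the constructed trace
    src: str          # LAN client address
    dst: str          # destination address
    proto: str        # "tcp" or "udp"
    dport: int        # destination port
    payload: bytes = b""


@dataclass
class Router:
    # dynamic address lists: address -> expiry time in seconds
    users: dict = field(default_factory=dict)    # HotSpotShieldUsers
    servers: dict = field(default_factory=dict)  # HotSpotShieldServers
    log: list = field(default_factory=list)      # lines the log rule would emit

    @staticmethod
    def _listed(alist, ip, now):
        expiry = alist.get(ip)
        return expiry is not None and expiry > now

    def forward(self, p):
        """Run one forwarded packet through mangle prerouting, then filter forward."""
        # mangle 1: tcp/80 with content 127.0.0.1:895 -> src into HotSpotShieldUsers for 1h.
        # Assumption: a repeated match refreshes the expiry (simplification).
        if p.proto == "tcp" and p.dport == 80 and b"127.0.0.1:895" in p.payload:
            self.users[p.src] = p.t + USERS_TIMEOUT
        # mangle 2: any packet from a listed user -> dst into HotSpotShieldServers for 4w2d.
        user_listed = self._listed(self.users, p.src, p.t)
        if user_listed:
            self.servers[p.dst] = p.t + SERVERS_TIMEOUT
        # filter 1: log packets from listed users (log-prefix=HotSpotShield).
        if user_listed:
            self.log.append(f"HotSpotShield forward: {p.src}->{p.dst}:{p.dport}")
        # filter 2 and 3: drop traffic to listed servers, then traffic from listed users.
        if self._listed(self.servers, p.dst, p.t):
            return "drop"   # Block HotSpot Shield Servers
        if user_listed:
            return "drop"   # Block HotSpot Shield Users
        return "accept"


def run_trace():
    """Replay a constructed packet trace; returns (verdicts, router state)."""
    r = Router()
    trace = [
        # client .10 sends the tcp/80 request carrying 127.0.0.1:895 (constructed)
        Packet(0, "192.168.88.10", "203.0.113.5", "tcp", 80,
               b"GET / HTTP/1.1\r\nHost: 127.0.0.1:895\r\n\r\n"),
        # the same client then talks to a VPN server on 443
        Packet(5, "192.168.88.10", "198.51.100.7", "tcp", 443),
        # ... and to an ordinary web site while still listed
        Packet(10, "192.168.88.10", "198.51.100.40", "tcp", 443),
        # an unrelated client visits that same ordinary web site
        Packet(20, "192.168.88.20", "198.51.100.40", "tcp", 443),
        # two hours later: the user entry has expired, the server entry has not
        Packet(2 * HOUR, "192.168.88.10", "198.51.100.40", "tcp", 443),
        # a clean client to an unlisted destination passes
        Packet(2 * HOUR, "192.168.88.30", "203.0.113.99", "tcp", 80, b"GET / HTTP/1.1\r\n"),
    ]
    verdicts = [(p.t, p.src, p.dst, r.forward(p)) for p in trace]
    return verdicts, r


if __name__ == "__main__":
    verdicts, r = run_trace()
    for t, src, dst, v in verdicts:
        print(f"t={t:>5}s {src} -> {dst}: {v}")
    print("HotSpotShieldServers:", sorted(r.servers))
```

Running the trace shows the side effect a practitioner should expect from the second mangle rule: for the hour a client sits in HotSpotShieldUsers, every destination it contacts, including ordinary web sites, lands in HotSpotShieldServers for 4w2d and is then dropped for all clients, long after the user entry itself has expired. When deploying these rules, narrowing that second rule (for example by destination port) or shortening its timeout keeps the collateral blocking manageable.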