nixCraft

laluvirtual · #1 (**permalink**) 11-17-2007, 05:49 AM

How to Block Ultrasurf from linux server?

this is complete info what is ultrasurf
ÎÞ½çÍøÂç
http://www.wujie.net/downloads/ultrasurf/u.zip

Thanks

laluvirtual · #2 (**permalink**) 11-20-2007, 06:47 AM

no one have used this software?

So what exactly it is??
It is the flagship software product from UltraReach Internet Corp. for Internet anti-censorship. It enables users inside countries with heavy Internet censorship to visit any public web sites in the world safely and freely. it enables users to browse any website freely just the same as using the regular IE browser while it automatically searches the highest speed proxy servers in the background.
Learn More

Until now i still wait respond to solved this problem

monk · #3 (**permalink**) 11-20-2007, 09:59 AM

Block ÎÞ½çÍøÂç ip address 67.15.183.30 at firewall or use squid ACL, if you know the port number for the software block that too

laluvirtual · #4 (**permalink**) 11-21-2007, 10:17 AM

hi monk i have try your suggestions block that ip, port (9666) and its domain but no luck

nixcraft · #5 (**permalink**) 11-21-2007, 10:55 AM

How did you blocked port using iptables or sqiud? Are you sure clients are using your proxy?

laluvirtual · #6 (**permalink**) 11-22-2007, 05:59 AM

I tried both. this is using iptables

Code:

*mangle
:PREROUTING ACCEPT [192.168.1.0:24]
:OUTPUT ACCEPT [0:0]

-A PREROUTING -p tcp --dport 22 -j TOS --set-tos 0x10
COMMIT

*filter
:INPUT ACCEPT [32296:2595574]
:FORWARD ACCEPT [327:113979]
:OUTPUT ACCEPT [42157:3445894]
#firewall
-P FORWARD DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Block MAC
#suspect
#-A INPUT -m mac --mac-source 00:0E:7B:C9:13:0B -j DROP

#Block IP
#UltraSurf
-A INPUT -s 67.15.183.30 -j DROP
-A FORWARD -s 67.15.183.30 -j DROP
-A OUTPUT -s 67.15.183.30 -j DROP

-A INPUT -p tcp -m tcp --dport 9666 -j DROP
-A FORWARD -p tcp -m tcp --dport 9666 -j DROP
-A OUTPUT -p tcp -m tcp --dport 9666 -j DROP


:INPUT ACCEPT [192.168.1.0:24]
:FORWARD ACCEPT [192.168.1.0:24]

:OUTPUT ACCEPT [0:0]

#-A INPUT -p tcp -m tcp --dport 10000 -j DROP
-A INPUT -i eth0 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT

COMMIT

# Completed on Wed Jun 21 12:35:13 2006
# Generated by iptables-save v1.2.3 on Wed Jun 21 12:35:13 2006
*nat
:PREROUTING ACCEPT [8009433:454311769]
:POSTROUTING ACCEPT [1529638:95155672]
:OUTPUT ACCEPT [1273134:83856339]
-A PREROUTING -s 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination xxx.xxx.xxx.xxx:port
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT

some lines on iptables script above i cut for security reason but if u want it, let me know and i will send it to your inbox.

and this one using squid

Code:

acl porn1 dstdomain "/etc/squid/data_porn.txt"

this is content of data_porn.txt
.ultra*
.wujie.net

yes i sure that my user using proxy (transparent), all site that i put at data_porn.txt can't be access. this is an example

Code:

ERROR

 The requested URL could not be retrieved

   While trying to retrieve the URL: sex.com 
 The following error was encountered:  Access Denied.   Access control configuration prevents your request from being allowed at this time.  Please contact your service provider if you feel this is incorrect.
Your cache administrator is webmaster@MYDOMAIN.COM.    
 
  Generated Thu, 22 Nov 2007 01:30:46 GMT by proxy.MYDOMAIN.COM (squid/2.5.STABLE14)

Note: its only not work at Internet Explorer (IE) Browser

I really need your help nixcraft
Thank you

monk · #7 (**permalink**) 11-24-2007, 10:59 AM

Are you sure this software only uses 9666 port? If so block it using /etc/sysconfig/iptables add 9666 as drop rule.

laluvirtual · #8 (**permalink**) 11-24-2007, 06:01 PM

yes i'm sure. did u see my iptables script above that block port 9666.

hi monk can you download the software and test it on your computer so that u know thw truth please?

Thank you

laluvirtual · #9 (**permalink**) 11-28-2007, 05:21 AM

halo any body tried this case?

Tony S · #10 (**permalink**) 06-15-2008, 04:21 PM

Quote:

Originally Posted by laluvirtual

halo any body tried this case?

Hi
Unfortunatley the port un UltraSurf is 9666 on localhost, and the software is using this as a proxy it is injecting into the IE on the fly. This equates to a website called http://Ultra1

One way of controlling the program, I have found so far, is to place ultra1 in the Restricted Zone in Internet Options / Security / Restricted Sites of IE. Go to Custom Level and set all items to Disable or High Safety except Popup Blocker.

The program appears to make a lot of DNS calls to find the servers it is using. Blocking the servers it talks to may be another way, but it is not using port 80 or whatever your proxy server is.

Tony S

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How to Block Spam Mails in Sendmail	ppnair	Mail Servers	3	Yesterday 12:06 AM
Bad Superblock At Block : Magic Number Wrong	Ashish Pathak	Solaris/OpenSolaris	2	10-18-2007 08:11 PM
Iptables block ip address	raj	Getting started tutorials	0	05-05-2007 01:01 AM
How to block gtalk messenger through squid	bubloob_13	Linux software	0	04-16-2007 11:59 AM
How to block sites in Squid	joproz	Linux software	2	11-18-2006 05:00 PM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

nixCraft

How to Block Ultrasurf

How to Block Ultrasurf

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads