• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

How to Block software ultrasurf

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> How to Block software ultrasurf Page: [1]
Login
Message << Older Topic   Newer Topic >>
How to Block software ultrasurf - 30.Oct.2008 7:48:41 AM   
nadeemafzal1974

 

Posts: 9
Joined: 30.May2007
Status: offline
Dear Friends,

I am using ISA 2004 Enterprise edition with Storage and Array Setup. Some days ago I have seen that some of users using ultrasurf software to by paas ISA server for internet surfing and access blocked sites. Can someone help me that how can I block this software of my ISA server so that nobody can override the ISA server?

Regards,

Nadeem Afzal
Post #: 1
RE: How to Block software ultrasurf - 30.Oct.2008 10:25:44 AM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
Hi Nadeem,

UltraSurf is a hard one to block from ISA itself because it uses the local host computer through port 9666 as it’s proxy to intercept browser requests and encrypt them through 443/SSL traffic through your corporate proxy server. UltraSurf uses a network of anonymous proxies like Botnets that can change dynamically at any given time.

So how can you successfully block it? Well I don’t know if you can totally but you may be able to deter it a bit.
A few ways are:

Policy – Do you have an acceptable use policy in-place? If you do then I would think the threat of job loss and termination should be a darn good deterrent.

At the local host – Using group policy, restrict access to the local host site in IE. That would be 127.0.0.1 and Ultra1 that it resolves to. If you have the capability, restrict TCP port 9666 on the local host outbound. Setting software restriction in group policy is another to prevent the UltraSoft application from running.

On the ISA – Go to http://www.isaserver.bm and download Steve’s blocking anonymous domain sets and configure a deny access rule to help block anonymous proxy access. You won’t totally stop access but the list will defiantly put a damper on accessing the most popular sites.

Collective software ClearTunnel is another ISA add-on to help uncover scrupulous activity.   

 http://www.collectivesoftware.com/Products/ClearTunnel


HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to nadeemafzal1974)
Post #: 2
RE: How to Block software ultrasurf - 30.Oct.2008 11:43:30 AM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
quote:


Collective software ClearTunnel is another ISA add-on to help uncover scrupulous activity.  


Correction: Unscrupulous activity

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to nadeemafzal1974)
Post #: 3
RE: How to Block software ultrasurf - 18.Feb.2013 8:52:47 AM   
nastaran.m

 

Posts: 1
Joined: 18.Feb.2013
Status: offline
Hi
I know it's too late, but here is a solution for this problem.However I myself needed the opposite, I wanted to let UltraSurf through ISA in special occasions.
You should define a policy based on users, not ip's. For example allow from internal to external then in 'condition' field, you define the users group whom you wish permission to internet. Then these users are able to access internet, but UltraSurf cannot connect to it's server, because in this case, the user is undefined.
However, some other applications might also be blocked in this way.

Regards
Nastaran

< Message edited by nastaran.m -- 18.Feb.2013 8:54:26 AM >

(in reply to Rotorblade)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> How to Block software ultrasurf Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts