  1. #61
    Untangle Ninja hescominsoon's Avatar
    Join Date
    Sep 2007
    Posts
    1,704

    Actually, with the policy manager you can create another rack that allows HTTPS for staff and kills HTTPS for the students in another rack.

  2. #62
    Untangler
    Join Date
    Aug 2010
    Posts
    64

    Quote Originally Posted by hescominsoon View Post
    Actually, with the policy manager you can create another rack that allows HTTPS for staff and kills HTTPS for the students in another rack.
    Sounds good, but the problem I'm having is that I need some HTTPS sites to pass because some of them are educational sites. Any ideas on how I can pass some of these HTTPS sites, since I can't add them to the eSoft pass list?

  3. #63
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Quote Originally Posted by techdummy101 View Post
    Sounds good, but the problem I'm having is that I need some HTTPS sites to pass because some of them are educational sites. Any ideas on how I can pass some of these HTTPS sites, since I can't add them to the eSoft pass list?
    You can add them by IP or now by hostname in 8.0 if the client uses SNI with HTTPS.
    SNI depends on browser/OS.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #64
    Untangler
    Join Date
    Oct 2010
    Posts
    39

    Quote Originally Posted by wharfratjoe View Post
    Thump: I totally see your point. However, this can be like battling spam in a way. With the right tools in place it can be almost eliminated. We do what we can with what we have to work with (budgets, political red-tape, not enough manpower, etc.). IMO if protocol signatures can be created like hescominsoon posted above, and if these can be added to the list as default rules that admins can choose to use in the next round of updates or even release of Untangle, then it would be much, much easier to manage for most and maybe all of these types of proxy programs.
    I hear what you're saying.. it's just that these types of programs evolve so fast that the second you nail down the current set of ports/IPs that it uses then it'll pop back up with a new twist. It's more like virus detection - you'll never keep up without a team of researchers to keep the signatures current. I'd guess you'll spend less time implementing a good whitelist approach than trying to keep up with all the variations of these little programs.

  5. #65
    Banned
    Join Date
    Dec 2010
    Posts
    2

    mm so interesting

  6. #66
    Untangler
    Join Date
    Oct 2010
    Posts
    73

    Quote Originally Posted by sky-knight View Post
    Ultrasurf can be controlled if you have the eSoft filter, and you back it up with OpenDNS.

    If you're using Untangle Lite... give it up.
    Can you tell me how to do it with eSoft? Please explain step by step...

  7. #67
    Untangle Ninja gotkimchi's Avatar
    Join Date
    Jan 2007
    Location
    Bay Area
    Posts
    2,106

    "Install bandwidth control.
    Add a rule around #5 or #6 that says Dest Port = 30675 then send client to penalty box, limited severely, 30 minutes.
    Right after that, make additional rules for destination IP range of 65.49.14.0/24 and 65.49.2.0/24 same result, send client to penalty box.
    Then it will be severely slow even if it does get through.

    If you want to be really mean you can turn down limited severely even further to 1% and 1% max.
    This will mean they'll barely even be online if at all, but the client won't be blocked so it's less likely to try other things. (Even if it does it will be brutally slow)


    The key to this is that because we don't try to block it, just rate limit it, it shouldn't try other magic to try to get around the block..


    Additionally, the admin can see that this rule was triggered, so he knows what the user was doing."

    I have tested this last night and it works.


    Update: Running Ultrasurf 10.06; please remember that Ultrasurf only works with IE.
    If Ultrasurf is running, I wasn't able to get to my Untangle GUI screen from the PC. (Ultrasurf was running on that PC.)
    A few things you can do. First, you can create a firewall rule to block these destination ports and log it: destination ports 5050, 5190, 3158, 1863 and everything else any, any, any, any. This will get triggered and you will know which users are using Ultrasurf within your network.
    To control it, this works OK: you will need to use the bandwidth app and create a rule for destination ports 5050, 5190, 3158, 1863. These are not all the ports, so sometimes Ultrasurf works normally; however, most of the time, it should get triggered.
    to be understood, you must first understand. :)
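
Added example, not part of the original post and not an Untangle feature: the rules described above (destination port 30675, the two 65.49.x.0/24 ranges, and the logged ports 5050, 5190, 3158, 1863) applied to flow records so that hits are grouped per client, which is the "admin can see that this rule was triggered" step. The log format, rule names and all sample addresses are assumptions, and the flow lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Indicators copied from the post; they reflect what the poster observed
# for Ultrasurf 10.06 and will go stale as the tool changes.
PENALTY_PORTS = {30675}
PENALTY_NETS = [ipaddress.ip_network(n) for n in ("65.49.14.0/24", "65.49.2.0/24")]
# 5050, 5190 and 1863 are also used by Yahoo Messenger, AIM and MSN Messenger,
# so a hit on these alone is a lead to follow up, not proof.
LOG_PORTS = {5050, 5190, 3158, 1863}

def classify(dst_ip: str, dst_port: int):
    """Return the name of the first matching rule, or None (rule names are hypothetical)."""
    if dst_port in PENALTY_PORTS:
        return "penalty-box:port"
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in PENALTY_NETS):
        return "penalty-box:net"
    if dst_port in LOG_PORTS:
        return "log:port"
    return None

def triage(flows):
    """Group rule hits by client IP so each hit can be tied to a workstation."""
    hits = defaultdict(list)
    for line in flows:
        ts, src, dst, port = line.split()
        rule = classify(dst, int(port))
        if rule:
            hits[src].append((ts, rule))
    return dict(hits)

# Constructed sample flow records: time, client IP, destination IP, destination port
SAMPLE_FLOWS = [
    "08:01:12 10.0.5.21 65.49.14.37 443",
    "08:01:13 10.0.5.21 203.0.113.9 30675",
    "08:02:40 10.0.5.33 198.51.100.7 443",
    "08:03:05 10.0.5.40 192.0.2.50 5190",
]

if __name__ == "__main__":
    for client, events in triage(SAMPLE_FLOWS).items():
        print(client, events)
```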

  8. #68
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Very cool!

  9. #69
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,518

    eSoft is the best content control filter on the market. It got there because of the dynamic way in which it categorizes sites, and automatically submits unknown URLs to be categorized.

    So, as long as the proxy is using HTTP or HTTPS, it will see it, log it, and get the URL categorized eventually. This kills proxies. The only thing it can't stop are non-standard proxy applications that don't use standardized protocols to get the web content. So any of the "proxy" things that are more of a VPN in nature will get right past it.

    Of course for that matter such VPN based technology will get past anything...

    Did you remove RDP from those school workstations? There is little stopping a high school kid from RDP'ing home and surfing from there now is there?

    Give me a security system, and I'll give you 100 ways to get around it. Nothing is perfect. What you need to do is log the traffic, attempt to pin it to a student, and provide the information to the administration so disciplinary action can be taken. The technology isn't there to stop the kids from being stupid, it's there to catch them so they can be corrected.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #70
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,372

    Quote Originally Posted by tylervo View Post
    eSoft, from my test, can deal with Ultrasurf, but there are almost another 10 apps and I don't know how efficient eSoft is.
    Maybe you can enforce your environment with captive portal.
    And also, if the users are only students, you can permit only port 80 HTTP in the firewall app, and only permit port 443 HTTPS to a few valid home banking and valid web mail IPs.
    Yes, it's an overhead of management and support, but this is our job.
    I hate you use my words in other post to spam in your signature
    The world is divided into 10 kinds of people, who know binary and those not
