  1. #1
    Master Untangler
    Join Date
    Feb 2013
    Posts
    104

    Critical issue with Untangle (all versions) on a core level

    Dear All,
    Currently, with one of our customers who has a 500-device license, we have faced an issue which does not have a resolution; I have found a workaround, but it is not stable

    Untangle NG Firewall has an issue with Anydesk - remote support software (anydesk.com)

    Our client company is mostly remote-support based, and they use Anydesk on almost all devices.
    When Anydesk is launched, the Untangle core gets an error saying - can not parse URL (unspecified character)

    When many users try to connect to Anydesk... - Untangle CPU goes high and it stops responding. The web interface is also not responding ...
    a) Non responsive web UI
    b) Slow internet connection for all Clients



    After 1 week of troubleshooting, I have found all Anydesk hostnames and IP addresses (I have attached files); it's about 500...

    The workaround is to add all 500 IPs to - Config - Network - Bypass rule

    But this is not a fix, just a workaround, because Anydesk can add a new IP or hostname at any time and Untangle will again stop responding.

    To reproduce the issue:

    1) Install anydesk on any PC
    2) Install threat prevention - it's the easiest way to see the error in UVM logs (var/log/uvm)
    It does not matter: webfilter / threat prevention / application control ...
    the error is everywhere on a core level
    3) Start anydesk

    anydesk will try to connect to (for example):
    relay-f2c14400.net.anydesk.com
    relay-048e8b10.net.anydesk.com

    Untangle will have UVM error like:
    Jun 15 10:58:21 localhost app-24: [ThreatPreventionHttpsSniHandler] <TCP106411364795959> ERROR Could not parse (illegal character): anynet relay

    Currently, I can't give any feedback to the client, because there is no fix.
    And the workaround I have found is only adding ALL Anydesk hostname IP addresses to bypass... which, again, is only a matter of time until Anydesk adds a new address

    So currently we have no solution (except an unstable workaround)

    We have opened a ticket with Untangle Support, but currently we have no solution.
    If anyone has faced the same issue, or may know anything, please let us know

    Thanks
    Last edited by boris.minakov; 06-17-2021 at 02:36 PM.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,665

    We have an open bug for it. This is due to Anydesk using non-standard HTTP characters. This only affects customers using the Threat Prevention app.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,119

    Ewww... and because anydesk runs via CDN you can't readily use policy rules to shove it into its own policy!

    So yeah, only fix right now is to turn off Threat Prevention.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Master Untangler
    Join Date
    Feb 2013
    Posts
    104

    Hello,
    It also relates to the webfilter

    Jun 15 11:46:45 localhost app-18: [WebFilterHttpsSniHandler] <TCP106411365256667> ERROR Could not parse (illegal character): anynet relay

    To be honest, I had disabled:

    1) Threat prevention
    2) Application control - I did not find the log of it (the error), but while application control was enabled, the same slow web UI response was seen
    3) Also, as webfilter is critical for us, I left it enabled and put all 500 IPs into bypass as a workaround

    To be honest, I suppose it's related to an HTTP / HTTPS parser on a core level
    So it's all applications where the parser takes action
    Last edited by boris.minakov; 06-18-2021 at 01:33 AM.
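
An added example (not part of any post in this thread, and not Untangle code): a small Python script that pulls the "Could not parse (illegal character)" errors out of UVM log text, groups them by handler, and lists which characters in the logged value fall outside the letters/digits/hyphen/dot hostname alphabet. The line format is inferred from the two log lines quoted above; the third sample line is constructed.

```python
import re
from collections import Counter

# Sample input: the first two lines are the UVM log lines quoted in this
# thread; the third is a constructed line that must not match.
SAMPLE_LOG = """\
Jun 15 10:58:21 localhost app-24: [ThreatPreventionHttpsSniHandler] <TCP106411364795959> ERROR Could not parse (illegal character): anynet relay
Jun 15 11:46:45 localhost app-18: [WebFilterHttpsSniHandler] <TCP106411365256667> ERROR Could not parse (illegal character): anynet relay
Jun 15 11:47:02 localhost app-18: [WebFilterHttpsSniHandler] <TCP106411365256700> INFO session closed
"""

# Assumed layout: syslog timestamp, host, app-N, [Handler], <session>, message.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ (?P<app>app-\d+): "
    r"\[(?P<handler>\w+)\] <(?P<session>\w+)> ERROR "
    r"Could not parse \(illegal character\): (?P<value>.*)$"
)

# Characters allowed in a DNS hostname as it would appear in TLS SNI.
HOSTNAME_CHAR = re.compile(r"[A-Za-z0-9.-]")


def parse_errors(text):
    """Return one dict per SNI parse error found in the log text."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        # Record which characters of the logged value are not hostname-legal.
        ev["bad_chars"] = sorted(
            {c for c in ev["value"] if not HOSTNAME_CHAR.fullmatch(c)}
        )
        events.append(ev)
    return events


def summarize(events):
    """Count errors per (handler, offending value) pair."""
    return Counter((e["handler"], e["value"]) for e in events)


if __name__ == "__main__":
    found = parse_errors(SAMPLE_LOG)
    for (handler, value), n in summarize(found).items():
        print(f"{n:5d}  {handler}  {value!r}")
    for e in found:
        print(e["ts"], e["session"], [hex(ord(c)) for c in e["bad_chars"]])
```
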

  5. #5
    Untanglit
    Join Date
    Mar 2020
    Posts
    15

    Quote Originally Posted by jcoffin View Post
    We have an open bug for it. This is due to Anydesk using non-standard HTTP characters. This only affects customers using the Threat Prevention app.
    What non-standard http characters are they using??



  6. #6
    Newbie
    Join Date
    Jun 2021
    Posts
    9

    I am not sure I would categorize this as a "Critical issue with Untangle (all versions) on a core level"... seems to only be related to Anydesk users... not sure how many subscribers they have but I don't have any clients running that so it's not a "core level" issue for our clients.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,119

    Quote Originally Posted by theautomationstation View Post
    I am not sure I would categorize this as a "Critical issue with Untangle (all versions) on a core level"... seems to only be related to Anydesk users... not sure how many subscribers they have but I don't have any clients running that so it's not a "core level" issue for our clients.
    Yeah, and how much compatibility do you want with vendors that don't follow the standards?

    Still, this is a DoS concern for Untangle. Anything that uses some off-standard characters in the wrong place can nuke the UTM, that's pretty fundamental.

  8. #8
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,665

    Quote Originally Posted by sky-knight View Post
    Still, this is a DoS concern for Untangle. Anything that uses some off-standard characters in the wrong place can nuke the UTM, that's pretty fundamental.
    It doesn't nuke the UTM, it is just not processed by TP. SSL Inspector has a setting to "Block Invalid HTTPS Traffic" for these scenarios.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,119

    Quote Originally Posted by jcoffin View Post
    It doesn't nuke the UTM, it is just not processed by TP. SSL Inspector has a setting to "Block Invalid HTTPS Traffic" for these scenarios.
    A non-responsive web UI while the unit chokes setting up new web sessions is nuked. And I don't care about SSL inspector, MITM'ing SSL isn't an acceptable solution now or ever.

    Software must be able to gracefully handle unexpected inputs. But, you know this... and I know Untangle will get this fixed.
