Friday, August 4, 2017

Topic 7. Mikrotik Router Mikrotik Hotspot Ultrasurf Traffic Detection and Filtering with MikroTik



In the field we often need to filter client traffic for internet access. As technology develops, many applications are built to bypass such filtering, so the filters in place no longer work. Clients who use these applications remain free to surf the internet unfiltered.

One of the most widely used of these applications is Ultrasurf VPN. It uses the TCP protocol on port 443, which is why Ultrasurf VPN connections are quite difficult to prevent or block. Moreover, the application connects to dynamic public IP addresses. There are many ways to try to defeat the Ultrasurf VPN application with a MikroTik router, but quite a few of them can eventually be bypassed again.



In this article we will experiment with a method that can later be implemented in the network to filter Ultrasurf traffic. The method combines the Firewall Mangle feature, Address Lists and Filter rules.
Ultrasurf Traffic Detection
We will first detect the Ultrasurf VPN traffic generated by client devices. The detection step uses the Firewall Mangle feature. If a client is detected running Ultrasurf, that client's access to the internet will be blocked.
First, import the public IP addresses of the Ultrasurf servers into an Address List in the firewall. The public IP list can be downloaded here. Once the download is done, import it to the router.
Next, add a mangle rule that will be used to detect Ultrasurf VPN traffic from clients. An example of the mangle configuration follows:
/ip firewall mangle
The mechanism of the above rule: when a client tries to run Ultrasurf VPN and connects to the public IP of an Ultrasurf server, the client's IP address is automatically added to the address list 'UltrasurfUser'.
Block / Filter Client Traffic 
After creating the mangle rule to detect Ultrasurf VPN traffic from clients, the next step is to create a rule to block / filter that client traffic.
Open the menu IP -> Firewall -> Filters -> click Add [+]. Then add the following configuration:
At this point the configuration is complete. To test it live, try connecting the Ultrasurf VPN application from each client device.
How Does the Rule Work?
Broadly speaking, the rules above work as follows: when a user connects with Ultrasurf VPN, the IP address of the device is dynamically added to the address list UltrasurfUser. We can then drop the client's internet connections directly by its IP address.
According to the mangle rule set above, a client IP address stays on the UltrasurfUser address list for 5 seconds. As long as the client does not close the Ultrasurf application, the client IP remains listed, with the 5 seconds renewed periodically. When the client closes the Ultrasurf VPN application and the router sees no activity from the application for 5 seconds, the client IP address is removed from the address list and the connection runs normally again.
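The detection and blocking rules described above, written out as an added example (not the configuration from the original post). The server list name UltrasurfServer, the chain choices and the 203.0.113.10 entry are assumptions; the UltrasurfUser list, TCP port 443 and the 5 second timeout come from the text.

```routeros
# Added example. Assumed names: list "UltrasurfServer", chains prerouting/forward.
# 203.0.113.10 is a constructed placeholder, not a real Ultrasurf server address.

/ip firewall address-list
# Stands in for the imported list of Ultrasurf server public IPs.
add list=UltrasurfServer address=203.0.113.10 comment="constructed placeholder entry"

/ip firewall mangle
# Detection: a client sending TCP/443 to a listed server is added to
# UltrasurfUser for 5 seconds; each further matching packet renews the entry.
add chain=prerouting protocol=tcp dst-port=443 \
    dst-address-list=UltrasurfServer \
    action=add-src-to-address-list address-list=UltrasurfUser \
    address-list-timeout=5s comment="detect Ultrasurf clients"

/ip firewall filter
# Blocking: drop forwarded traffic from any client currently on the list.
# This rule has to sit above any rule that would accept the same traffic.
add chain=forward src-address-list=UltrasurfUser action=drop \
    comment="block detected Ultrasurf clients"

# Verification: show which clients are flagged right now.
/ip firewall address-list print where list=UltrasurfUser
```

Detection is only as good as the imported server list: because Ultrasurf uses dynamic public IPs, a stale list will miss clients, so the list needs to be refreshed regularly.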


