

This is way easier to accomplish than trying to whack-a-mole their outbound traffic. Psiphon 3 is a light piece of software that enables you to hide your Internet activity from your ISP and other services that might be interested in monitoring your web navigation activity. So just do that from the get-go and prevent the user from running or installing such apps like Psiphon in the first place. Now this does prevent the bad shit that might exe on the user's machine - which normally is what you're trying to prevent. I can just run, say, RDP over 443 to my home IP and do whatever I want that way. If any port is open outbound, without running through a proxy or it proxies the tcp directly. That even with all that - blocking users from bypassing your filters so they don't do xyz is going to be a never-ending whack-a-mole game, right. Keep in mind it's prob going to attempt ssh over more than just the standard 22 port. That SID they mention for ssh in the above link. They cost 1000's in licensing for a reason ) Blocking stuff on specific signatures can be done with either of the IPS packages.

Or you could use one of the high-cost solutions. Do they have an id in openappid for Psiphon - not sure? You would have to look. With use of proxy, even DPI is possible with the openappid stuff. Now duplicate that on pfSense, which all can be done. Look at all the steps required there to "attempt" to stop it. Sorry but it's not going to be a click-this-button sort of setup. You would then need to duplicate that on pfSense. They all have guides that walk through all the different policies you have set up.

Look through many of the guides on blocking it on stuff like Fortinet and SonicWall and PA devices. You're going to have to do real DPI on this to be able to attempt to block it, and this would require doing mitm on their ssl connections. So blocking the IPs you're going to block lots of legit traffic as well. Best way to block that, to be honest, is control of what users can install on company equipment. So it uses standard ports and through https to lots of IPs - served up by common CDNs.
