Sonicwall Signatures

Application: Ultrasurf

Ultrasurf (ultrasurf.us) is a free proxy-based tool for internet privacy and security that allows you to bypass firewall control over web browsing, as well as to protect your identity online. Ultrasurf is constantly evolving new tactics to evade firewall control. Ultrasurf also has a browser plugin. To block Ultrasurf and the plugin requires enabling all of the following: (1) all "Ultrasurf" application signatures; (2) "Encrypted Key Exchange" for TCP signature (SID 5); (3) "Non-SSL traffic over SSL port" signature (SID 6); (4) DPI-SSL Client Inspection; (5) and all "HTTP Proxy" application signatures. Note that the HTTP Proxy traffic is required in order to block the Ultrasurf Chrome Extension. There is no work-around for firewalls without DPI-SSL CI. Some versions of Ultrasurf are blocked simply by enabling SonicWALL Secure Sockets Layer Deep Packet Inspection (DPISSL) Client Inspection which disrupts Ultrasurf due to certificate pinning.