Sonicwall Signatures

Application: Psiphon

Psiphon is a free, anonymizing web proxy client that enables users to bypass firewall controls. The most recent version has several modes of operation including SSH-PLUS, VPN, and SSH. To block Psiphon: (1) Enable DPI-SSL Client Inspection; (2) Enable App Control "Psiphon" signatures, all; (3) Enable App Control "Encrypted Key Exchange" Random Traffic for TCP (SID 5) and UDP (SID 7); (4) Enable App Control "SSH -- Client Request Outbound" (SID 10097), or alternatively, create Access Rule to block outbound TCP/22 SSH Service from this LAN->WAN; (5) Enable App Control "HTTP Protocol -- Range Header" (SID 6872); (6) Enable App Control "ISAKMP" signatures, or create Access Rule to block outbound udp/500 from LAN to WAN (IPSec VPN mode); (7) Enable App Control "Google QUIC" signatures; (8) Create Access Rule to block outbound TCP/53 (DNS) from LAN to WAN; (9) Create Access Rule deny rule outbound UDP/53 (DNS) from LAN to WAN, and a second, allow rule to permit all necessary DNS traffic, but only to known good DNS servers being used; (10) Create Access Rule to block all outbound UDP ports below 1025 from LAN to WAN, with exception noted above;