SonicALERT
Search

Sonicwall Signatures


Go to All Categories list.
Go to All Applications list.

Application: Hotspot Shield VPN

Hotspot Shield is an application service that provides web users security and anonymity by creating a virtual private network between a laptop or mobile device and an Internet gateway. This tunnel prevents others from viewing email, instant messages, credit card information or other web transmissions sent over the network, as these transactions are all secured through HTTPS. Owned by Anchor Free, Inc., the Hotspot Shield security application is free to download. This application uses advanced obfuscation and evasion techniques to avoid firewall detection. It does two things: (A) it tries to open random, unidentified protocols over TCP and UDP using the Encrypted Key Exchange techniques, and (B) it uses standard HTTPS protocol to tunnel user traffic. For these reasons, to block Hotspot Shield VPN you must: (1) enable our Encrypted Key Exchange (EKE) application signatures, SID 5 (TCP) and SID 7 (UDP); (2) enable DPI-SSL Client Inspection (DPI-SSL CI); and (3) enable the Hotspot Shield VPN application signatures. (Note: there may be side effects to enabling EKE signatures, namely, applications like Skype and others may also be blocked. There is no work-around, other than adding private IPs to the exclusion lists for this application, or individually by EKE signature.)

  Hotspot Shield VPN -- UDP Activity 1 [Reqs SIDs 5, 7 and DPI-SSL CI]
  Hotspot Shield VPN -- TCP Activity 1 [Reqs SIDs 5, 7 and DPI-SSL CI]
  Hotspot Shield VPN -- TCP Activity 2 [Reqs SIDs 5, 7 and DPI-SSL CI]
  Hotspot Shield VPN -- UDP Activity 2 [Reqs SIDs 5, 7 and DPI-SSL CI]
  Hotspot Shield VPN -- TCP Activity 3 [Reqs SIDs 5, 7]
  Hotspot Shield VPN -- DNS Query 4
  Hotspot Shield VPN -- UDP Activity 3
  Hotspot Shield VPN -- TCP Activity 5
  Hotspot Shield VPN -- DNS Query 1 [Reqs SIDs 5, 7 and DPI-SSL CI]
  Hotspot Shield VPN -- DNS Query 2 [Reqs SIDs 5, 7 and DPI-SSL CI]
  Hotspot Shield VPN -- DNS Query 3 [Reqs SIDs 5, 7 and DPI-SSL CI]
  Hotspot Shield VPN -- TCP Activity 4 [Reqs SIDs 5, 7 and DPI-SSL CI]


Relevant Information