SonicALERT

Sonicwall Signatures



  Psiphon -- TCP Activity 1 [Reqs SID 5 and DPI-SSL CI]

Category: PROXY-ACCESS      

Application: Psiphon      

Psiphon is a free, anonymizing web proxy client that enables users to bypass firewall controls. The most recent version has several modes of operation, including SSH-PLUS, VPN, and SSH. To block Psiphon:

(1) Enable DPI-SSL Client Inspection.
(2) Enable all Psiphon application signatures.
(3) Enable Encrypted Key Exchange TCP Random Traffic (SID 5).
(4) Enable blocking of the SSH app signature (SID 10097) "SSH -- Client Request Outbound" (or create an access rule to block the outbound TCP/22 SSH service from this LAN->WAN).
(5) Create an access rule to block outbound TCP/53 (DNS Zone Transfer) from this LAN->WAN.
(6) Enable blocking for "HTTP Protocol -- Range Header" (SID 6872).
(7) To block VPN mode, block IPSec connections by disabling outbound UDP/500 in the firewall access rules, or enable the ISAKMP application signatures.

This SonicWALL signature identifies Psiphon VPN traffic over dynamic ports.


