SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Hotspot Shield VPN -- DNS Query 2 [Reqs SIDs 5, 7 and DPI-SSL CI]

Category: VPN      

Hotspot Shield is an application service that provides web users security and anonymity by creating a virtual private network between a laptop or mobile device and an Internet gateway. This tunnel prevents others from viewing email, instant messages, credit card information or other web transmissions sent over the network, as these transactions are all secured through HTTPS. Owned by Anchor Free, Inc., the Hotspot Shield security application is free to download. This application uses advanced obfuscation and evasion techniques to avoid firewall detection. It does two things: (1) it tries to open random, unidentified protocols over TCP and UDP using the Encrypted Key Exchange techniques, and (2) it uses standard HTTPS protocol to tunnel user traffic. For these reasons, to block Hotspot Shield VPN you must: (1) enable our Encrypted Key Exchange (EKE) application signatures, SID 5 (TCP) and SID 7 (UDP); and (2) enable DPI-SSL Client Inspection (DPI-SSL CI); and (3) also enable the Hotspot Shield VPN application signatures. (Note: there may be side effects to enabling EKE signatures, namely, applications like Skype and others may also be blocked. There is no work-around, other than adding private IPs to the exclusion lists for this application, or individually by EKE signature.)

This SonicWALL signature identifies legitimate Hotspot Shield DNS request.



Relevant Information