SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Hexatech VPN -- TCP Activity 1

Category: VPN      

Hexatech VPN is a freemium model VPN application for mobile devices (e.g. Apple iPhone and Android). This application uses advanced obfuscation and evasion techniques to avoid firewall detection. It does two things: (A) it tries to open random, unidentified protocols over TCP and UDP using the Encrypted Key Exchange techniques, and (B) it uses standard HTTPS protocol to tunnel user traffic. For these reasons, to block Hotspot Shield VPN you must: (1) enable our Encrypted Key Exchange (EKE) application signatures, SID 5 (TCP) and SID 7 (UDP); (2) enable DPI-SSL Client Inspection (DPI-SSL CI); and (3) enable the Hexatech VPN application signatures. (Note: there may be side effects to enabling EKE signatures, namely, applications like Skype and others may also be blocked. There is no work-around, other than adding private IPs to the exclusion lists for this application, or individually by EKE signature.)

This SonicWALL signature identifies legitimate Hexatech VPN application traffic over TCP.



Relevant Information