SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Psiphon Informational 41

Category: INFO      

Psiphon is a free, anonymizing web proxy client that enables users to bypass firewall controls. The most recent version has several modes of operation including SSH-PLUS, VPN, and SSH. To block Psiphon: (1) Enable DPI-SSL Client Inspection; (2) Enable all Psiphon application signatures; (3) Enable Encrypted Key Exchange TCP Random Traffic (SID 5); (4) Enable blocking of SSH app signature (SID 10097) "SSH -- Client Request Outbound", (or make access rule to block outbound TCP/22 SSH Service from this LAN->WAN); (5) Make access rule to block outbound TCP/53 (DNS Zone Transfer) from this LAN->WAN; (6) Enable blocking for "HTTP Protocol -- Range Header" (SID 6872); (7) And to block VPN mode you must block IPSec connections by disabling outbound udp/500 in firewall access rules, or enable ISAKMP application signatures.

This SonicWALL signature identifies Psiphon VPN traffic over dynamic ports.


References
http://en.wikipedia.org/wiki/Shellcode


Relevant Information