بستن ultrasurf در ISA

[sma.ffcc]

همونطور که همه گفتن برگ برنده اولترا اینه که دائما داره پورتاشو عوض می کنه...اگه غیر از این بود که مخابرات دو دقیقه ای بلاکش می کرد.
اگر تو شبکت کسپراسکی داری ...به همراه ادمین کیتش ، تو ادمین کیت تو قسمت untrust تعریفش کن و واسه کلاینتها پسورد بزار که نتونن تغییرش بدن...به محض اجرا اولترا پاک می شه

با سلام
طبق نظر دوستمون من تو شبکه این کار را کردم

[th95]

UltraSurf is a hard one to block from ISA itself because it uses the local host computer through port 9666 as it’s proxy to intercept browser requests and encrypt them through 443/SSL traffic through your corporate proxy server. UltraSurf uses a network of anonymous proxies like Botnets that can change dynamically at any given time.

So how can you successfully block it? Well I don’t know if you can totally but you may be able to deter it a bit.
A few ways are:

Policy – Do you have an acceptable use policy in-place? If you do then I would think the threat of job loss and termination should be a darn good deterrent.

At the local host – Using group policy, restrict access to the local host site in IE. That would be 127.0.0.1 and Ultra1 that it resolves to. If you have the capability, restrict TCP port 9666 on the local host outbound. Setting software restriction in group policy is another to prevent the UltraSoft application from running.

On the ISA – Go to http://www.isaserver.bm and download Steve’s blocking anonymous domain sets and configure a deny access rule to help block anonymous proxy access. You won’t totally stop access but the list will defiantly put a damper on accessing the most popular sites.



اگر کسی نسخه فول این رو هم داشت بذاره !

Problem: Is your traffic sneaking through the “SSL Hole”?
Your organization uses ISA Server 2004 or 2006 in a “forward proxy” scenario for
proxying, caching, controlling and filtering HTTP requests from clients on your LAN out
to the public Internet. Your web clients are configured in one of two ways:
● Clients configured to use ISA as a proxy server, or
● Clients use ISA as their default gateway (i.e. Secure NAT mode)
ISA Server provides industry-leading HTTP application-level filtering capabilities, and
can also leverage a rich community of third-party filters to achieve unprecedented
control over your traffic at an extremely affordable value.


Collective software ClearTunnel is another ISA add-on to help uncover scrupulous activity.

http://www.collectivesoftware.com/Products/ClearTunnel

[bahareh]

خوب براي كاربرانت پورت 80 را باز كن باقي رو ببند

[SADEGH65]

همانطور که جناب گنجی عزیز هم فرمودند تمامی ارتباط این قبیل برنامه ها به اینترنت بر روی پروتکل Https و پورت 443 TCP است .

تنها راه بستن این قبلی ارتباطات این است که بتوانیم در فایروال از این جمله ایزا سرور پکتها را باز و توسط خود سرور دوباره بسته بندی کند و به اینترنت بفرستد که لازمه این کار این است که Certificate خود برنامه بر روی تمامی کلاینت ها نصب شود و از این به بعد سیستم ها نمیتوانند Certificate اصلی را تشخیص دهند و تمامی پکتهایی که برای کاربران میرسد از طرف برنامه است.