  1. #1
    Zoom7000

    UltraSurf

    Noticed that this program has been doing the rounds on our network. It manages to edit IE's proxy to 127.0.0.1 Port: 9666 to get out to the Internet.

    I have added versions 9.2 - 9.5 to our software restriction policy. However, is there a way we can actually stop it getting out? We don't have a firewall in house so we can't do any blocking on any firewall; however, a quote from their website sounds rather worrying:

    Quote Originally Posted by Ultra Reach
    11. Some companies block port 9666, which is used by UltraSurf, how do I bypass it?
    A: 9666 is local port. We will add an option to let users set the port.
    Source - Ultra Reach

    So, how would I go about blocking this thing from ever getting out?
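
Added example, not part of the original post: a PowerShell check for the symptom described above, a per-user IE proxy that points at a local listener. Because the quoted FAQ says the local port will become configurable, it matches on the loopback address rather than on port 9666; the sample string is constructed, and `Get-NetTCPConnection` assumes Windows 8 / Server 2012 or later.

```powershell
# Added example: find per-user IE/WinINET proxy settings that point at a loopback listener.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-LoopbackProxyEntry {
    param([string]$ProxyServer)
    # ProxyServer is "host:port" or a per-protocol list "http=host:port;https=host:port".
    foreach ($entry in @($ProxyServer -split ';' | Where-Object { $_ })) {
        $hostPort = @($entry -split '=', 2)[-1] -replace '^[a-z]+://', ''
        $parts    = @($hostPort -split ':', 2)
        if ($parts[0] -match '^(127(\.\d{1,3}){3}|localhost)$') {
            $port = $null
            if ($parts.Count -gt 1 -and $parts[1] -match '^\d+$') { $port = [int]($parts[1]) }
            [pscustomobject]@{ Entry = $entry; ProxyHost = $parts[0]; Port = $port }
        }
    }
}

# Constructed sample: only the first entry is reported (127.0.0.1, port 9666).
Get-LoopbackProxyEntry -ProxyServer 'http=127.0.0.1:9666;https=proxy.example.internal:3128'

# Live check for the logged-on user, e.g. run from a logon script.
$settings = Get-ItemProperty -Path $key
if ($settings.ProxyEnable -eq 1 -and $settings.ProxyServer) {
    foreach ($hit in @(Get-LoopbackProxyEntry -ProxyServer $settings.ProxyServer)) {
        $owner = $null
        if ($hit.Port) {
            # Identify the process that is listening on the proxy port.
            $conn = Get-NetTCPConnection -State Listen -LocalPort $hit.Port -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($conn) {
                $owner = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            }
        }
        [pscustomobject]@{
            User     = $env:USERNAME
            Computer = $env:COMPUTERNAME
            Proxy    = $hit.Entry
            Process  = $owner.ProcessName
            Path     = $owner.Path   # file location to feed into a restriction rule
        }
    }
}
```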

  2. #2

    Is there any reason they need to be able to run programs outside of Program Files? If not you could just disable execution from everything except certain paths.

  3. #3
    Zoom7000
    Quote Originally Posted by jamesb
    Is there any reason they need to be able to run programs outside of Program Files? If not you could just disable execution from everything except certain paths.
    It's funny you mention that, I just posted here about that. I tried blocking *.exe and leaving the others (Program Files, etc.) as Unrestricted, which was already there. But it seems disallow takes precedence.

  4. #4
    maark
    If you are running Sophos there is an application management policy that can be configured to block it and others like it - just testing it here.
    Mark

  5. #5

    What I believe you need to do is disallow all by default, then explicitly allow the paths you want.

    Or simply restrict yourself to manually applying blocks to all paths you don't want, which could take some time.

  6. Thanks to jamesb from:

    Zoom7000 (26th June 2009)

  7. #6
    Zoom7000
    Right, I have changed the setting to restrict everything by default. However, I noticed that only Program Files\*.exe is enabled. So, e.g., Word won't run, as it sits in "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE", so that equates to "%ProgramFiles%\*\*\*.exe". Is there any way I can allow ALL files under Program Files regardless of directory structure, as most programs sit under multiple directories under Program Files?

  8. #7
    Cache
    Have you tried %programfiles%\* ? I think that should do it, but not 100% certain.
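
Added example, not part of the original posts: a PowerShell audit of the default-deny setup discussed in the last few posts, reading the default level and every path rule back from the registry so you can see exactly what is allowed. It assumes the policy is applied at computer level (a user-level policy lives under the same key path in HKCU) and uses the standard level values 0 (Disallowed) and 262144 (Unrestricted).

```powershell
# Added example: summarise the computer-level Software Restriction Policy from the registry.
$root   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    param([string]$Root)
    # Each security level is a subkey (0, 262144, ...) holding a Paths\{GUID} key per rule.
    foreach ($levelKey in @(Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue)) {
        $pathsKey = "$($levelKey.PSPath)\Paths"
        if (-not (Test-Path -LiteralPath $pathsKey)) { continue }
        foreach ($rule in @(Get-ChildItem -LiteralPath $pathsKey)) {
            $data  = Get-ItemProperty -LiteralPath $rule.PSPath
            $level = $levels[$levelKey.PSChildName]
            if (-not $level) { $level = $levelKey.PSChildName }   # other levels: show raw value
            [pscustomobject]@{
                Level       = $level
                Path        = $data.ItemData
                Description = $data.Description
            }
        }
    }
}

if (Test-Path -LiteralPath $root) {
    $policy  = Get-ItemProperty -LiteralPath $root
    $default = $levels["$($policy.DefaultLevel)"]
    if (-not $default) { $default = "$($policy.DefaultLevel)" }
    "Default level: $default"

    $rules = @(Get-SrpPathRule -Root $root)
    $rules | Sort-Object Level, Path | Format-Table -AutoSize -Wrap

    if ($default -ne 'Disallowed') {
        Write-Warning 'Default level is not Disallowed: anything without a Disallowed rule will run.'
    }
    if (-not ($rules | Where-Object { $_.Level -eq 'Unrestricted' })) {
        Write-Warning 'No Unrestricted path rules found: with default deny nothing will be allowed to run.'
    }
} else {
    'No computer-level software restriction policy is present on this machine.'
}
```

A path rule that names a folder also covers its subfolders, so the output shows at a glance whether a single Program Files rule is in place or only wildcard file rules.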

  9. #8


    tom_newton
    If you only need web access from the PCs externally... unset your gateway?

    Makes a good substitute for a firewall

    Giz a bell monday anyway!

  10. #9

    john
    Quote Originally Posted by tom_newton
    If you only need web access from the PCs externally... unset your gateway?

    Makes a good substitute for a firewall

    Giz a bell monday anyway!
    But when you do that Real Player fails, as does POP connectivity for email and a whole host of other blasted education software. I never used to have one on my machines and then, at the advice of Smoothwall, set it, which yes fixed various things but does give other risks.

  11. #10


    block

    I know it does not solve your problem with no firewall, but for others reading this, I have blocked this by:

    Simply, on my network I have no need for PCs going direct to https sites unless they go via the proxy.

    So on the proxy, I then set secure web to reject.

    It stops it dead, much to the disgust of the kids.

    We have also used Sophos to delete it, but it only works on our machines, not the kids' own laptops.
