Filtering / firewalling Ultrasurf traffic perfectly with iptables or MikroTik

Ultrasurf is an application that lets users browse anonymously through transparent proxies. All the traffic is routed encrypted through SSL (Secure Sockets Layer) on port 443. This well-known protocol is used by thousands of web pages to let you browse securely for e-shopping, online banking and other things that require more private communications. Obviously, firewalls usually don't block this kind of traffic because that would be a nightmare for the vast majority of users. In my case this software is used by my students to bypass the web page restrictions applied by the high school firewall. For example, using social networks like Facebook or Tuenti is forbidden, but with this application (Ultrasurf) installed on the pupils' computers it is easy to get around these restrictions.

I have been researching on the internet and I have finally found a good way to restrict only the traffic generated by Ultrasurf while allowing the rest of the SSL traffic to pass the firewall.

First of all I downloaded the Wireshark protocol analyzer onto a computer with Ultrasurf installed. When I began to capture network traffic I realized that Ultrasurf had started to generate a lot of traffic on port 443 (SSL protocol). Looking at the 'Client Hello' frame that the SSL protocol uses as a handshake, I realized that all packets sent by wireshark follow the same pattern: in all "Client Hello" frames the following hex sequence is repeated: "16 03 01 00 41 01 00 00 3D 03 01 …". This traffic is encrypted and I don't know what the hell it means, but I have been comparing it with traffic from other web pages with SSL enabled and I discovered that in their "Client Hello" frames they send other information.


With this useful information in my hands, it is only a matter of starting to try firewall rules applied at layer 7.

For example, this iptables rule, which matches all traffic sent over SSL that contains the hex sequence 16030100410100003d0301, is enough to drop only the network traffic generated by Ultrasurf:

iptables -I FORWARD -p tcp -m tcp --dport 443 -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j DROP

If Ultrasurf is using another port you can try this:

iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,ACK,FIN,RST,PSH ACK,PSH -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j DROP

And if your firewall is a RouterOS-based one, try this:

/ip firewall layer7-protocol
add name=ultrasurf regexp="^\16\03\01\00\41\01\00\00\3D\03\01"
/ip firewall mangle
add chain=prerouting action=add-dst-to-address-list protocol=tcp address-list=ultrasurf \
  address-list-timeout=0s  layer7-protocol=ultrasurf in-interface=lan dst-port=443

Obviously this is not the definitive rule: if these firewall rules become popular, the pattern may be changed in newer versions of Ultrasurf.
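The 11-byte signature can be decoded field by field: it is the TLS record header, the handshake header and the client version, so the rules above key on a TLS 1.0 Client Hello whose body is exactly 61 bytes long. The Python below is an added example, not part of the original post; build_client_hello and its dummy cipher suite values are constructed for illustration and are not a capture of Ultrasurf traffic.

```python
import struct

# Signature from the post: the first 11 bytes of the matched Client Hello.
ULTRASURF_PREFIX = bytes.fromhex("16030100410100003d0301")
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def decode_hello_prefix(payload):
    """Decode record header (5 bytes), handshake header (4) and client version (2)."""
    if len(payload) < 11:
        raise ValueError("need at least 11 bytes of TCP payload")
    content_type, record_ver, record_len = struct.unpack("!BHH", payload[:5])
    handshake_type = payload[5]
    handshake_len = int.from_bytes(payload[6:9], "big")  # 24-bit length field
    client_ver = int.from_bytes(payload[9:11], "big")
    if content_type != 0x16 or handshake_type != 0x01:
        raise ValueError("not a TLS handshake record carrying a Client Hello")
    return {
        "record_version": VERSIONS.get(record_ver, hex(record_ver)),
        "record_length": record_len,
        "handshake_length": handshake_len,
        "client_version": VERSIONS.get(client_ver, hex(client_ver)),
    }


def build_client_hello(n_suites, extensions=b""):
    """Constructed TLS 1.0 Client Hello with n_suites dummy cipher suites."""
    suites = b"".join(struct.pack("!H", 0x0001 + i) for i in range(n_suites))
    body = b"\x03\x01" + bytes(32) + b"\x00"  # version, zeroed random, empty session id
    body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # null compression
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def matches_rule(payload):
    """Anchored match, like the RouterOS regexp; iptables scans up to offset 256."""
    return payload.startswith(ULTRASURF_PREFIX)


if __name__ == "__main__":
    print(decode_hello_prefix(ULTRASURF_PREFIX))
    # 11 suites give a 61-byte body (match); 12 suites or one extension do not match.
    for n, ext in [(11, b""), (12, b""), (11, bytes.fromhex("ff01000100"))]:
        hello = build_client_hello(n, ext)
        print(n, len(ext), decode_hello_prefix(hello)["handshake_length"], matches_rule(hello))
```

Because the two length fields are part of the pattern, any client whose Client Hello has a different size (one more cipher suite, or any extension) is not matched, which is why other SSL sites pass and why a small change in a newer Ultrasurf version would defeat the rule.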

Useful source:


How to enable an Exposé-like Mac OS X effect on Ubuntu

  1. Beforehand you need to have compiz and the appropriate video card driver for your system installed
  2. Run "apt-get install compizconfig-settings-manager"
  3. Go to System -> Preferences -> CompizConfig Settings Manager
  4. In here there is an option called “Scale” – enable that by clicking the checkbox to the left of the icon. By default, the trigger is Shift+Alt+Up, but if you click on it, go to Bindings and find where it says “Initiate Window Picker”, you are able to change it to your preference.
  5. The first option with that title is for choosing a “hot corner” to trigger the program, while the second is for using a keystroke.

If you want a look and feel similar to Mac OS X, install Mac4Lin

Fast/best way to recover a forgotten Linux root password

  1. Select the kernel
  2. Press the e key to edit the entry
  3. Select the second line (the line starting with the word kernel)
  4. Press the e key to edit the kernel entry so that you can append single user mode
  5. Append the letter S (or the word Single) to the end of the (kernel) line. If you are using an Ubuntu Linux distribution, remove the words "ro quiet splash" at the end of the line and add "rw init=/bin/bash" in their place
  6. Press the ENTER key
  7. Now press the b key to boot the Linux kernel into single user mode
  8. At the prompt, type the passwd command to reset the password:

You need to mount at least / and other partitions:
# mount -t proc proc /proc    (not mandatory in Ubuntu)
# mount -o remount,rw /    (not mandatory in Ubuntu)

Change the root password; enter:
# passwd

Finally, reboot the system:
# sync
# reboot

NOTE: There are other ways to recover a root password. One of the best known is to use a live CD, mount the partition where the target Linux is installed, edit the file /etc/passwd and remove the x from the following line: "root:x:0:0:root:/root:/bin/bash". After this, when we reboot the system we can log in as root with an empty password. Maybe not in a graphical session, but we can do it at the console.

If we want the GRUB menu not to be editable, we can edit the file /boot/grub/menu.lst: there is a configuration line, I don't remember which, that we can comment out so that the GRUB menu options are not editable at boot.
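The empty password field described in the NOTE above is easy to audit for on systems you administer. Added example, not part of the original post: a Python check that flags accounts whose password field is empty in /etc/passwd, or is x in /etc/passwd but empty in /etc/shadow. The function name audit_passwordless and the sample file contents are constructed for illustration.

```python
# Constructed sample data: root has had the "x" removed, bob has an empty shadow field.
SAMPLE_PASSWD = """root::0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
SAMPLE_SHADOW = """root:*:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:15000:0:99999:7:::
bob::15000:0:99999:7:::
"""


def audit_passwordless(passwd_text, shadow_text=""):
    """Return (user, uid, reason) for every account that can log in with no password."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and not line.startswith("#"):
            shadow[parts[0]] = parts[1]
    findings = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((parts[0], None, "malformed passwd entry"))
            continue
        user, pw = parts[0], parts[1]
        uid = int(parts[2]) if parts[2].isdigit() else None
        if pw == "":
            # The edit described in the NOTE: no "x", so no password is required.
            findings.append((user, uid, "empty password field in /etc/passwd"))
        elif pw == "x" and shadow.get(user) == "":
            findings.append((user, uid, "empty password field in /etc/shadow"))
    return findings


if __name__ == "__main__":
    for finding in audit_passwordless(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(finding)
```

On a real host, pass the contents of /etc/passwd and /etc/shadow (reading the latter needs root) instead of the sample strings.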

Clonezilla talk from the 3rd LliureX congress

Here is a link to the slides used in the talk "Clonezilla. The ideal free software for cloning hard disks and recovering systems after disasters"

Note: The files are so large because they contain many images. You may reuse and modify this presentation as you wish.


The screens that appear in the tutorials belong to a customized live CD that I am preparing to explain how to easily use Clonezilla for simple cloning of computer classrooms. For now I am not posting any link to this live CD because I want to fix some small bugs, translate Clonezilla into Catalan and Spanish, include the Clonezilla tutorials and help documentation, and add a small "frontend" for using Clonezilla for the most basic operations: cloning a computer and distributing the cloned image to the client PCs.

In two weeks you will have news about this live CD on this same blog, where I will set up a small website for you to download the .iso, as well as basic instructions so that you can re-customize this live CD yourselves with other programs you find useful, and the whole process I followed to generate the live CD.

For now, if you want to use a fully working live CD to try out the capabilities of Clonezilla presented in the talk, I recommend that you download the following .iso from the official page of the Clonezilla developers (ALTERNATIVE LINK TO THE ONE ABOVE)

NOTE: If you want a fairly good tutorial for installing DRBL-Clonezilla permanently on a server running Ubuntu, read