Filter / firewalling ultrasurf traffic perfectly with Iptables or mikrotik

Ultrasurf is an application that lets users browse anonymously through transparent proxies. All the traffic is routed encrypted through SSL (Secure Sockets Layer) on port 443. This well-known protocol is used by thousands of web pages that let you browse securely for e-shopping, online banking and other things that require more private communications. Obviously, firewalls usually don't block this kind of traffic, because that would be a nightmare for the vast majority of users. In my case, this software is used by my students to bypass the web page restrictions applied by the high school firewall. For example, using social networks like Facebook or Tuenti is forbidden, but with this application (Ultrasurf) installed on the pupils' computers it is easy to get around these restrictions.

I have been researching on the internet and have finally found a good way to restrict only the traffic generated by Ultrasurf while allowing the rest of the SSL traffic to pass through the firewall.

First of all, I downloaded the Wireshark protocol analyzer onto a computer with Ultrasurf installed. When I began to capture network traffic, I noticed that Ultrasurf started to generate a lot of traffic on port 443 (SSL protocol). Looking at the "Client Hello" frame that the SSL protocol uses as a handshake, I realized that all packets sent by Wireshark follow the same pattern: in all "Client Hello" frames the following hex sequence is repeated: "16 03 01 00 41 01 00 00 3D 03 01 …". This traffic is encrypted and I don't know what the hell it means, but I compared it with traffic from other web pages with SSL enabled and discovered that their "Client Hello" frames send other information.


With this useful information in my hands, it is only a matter of trying firewall rules applied at the layer 7 level.

For example, this iptables rule, which filters and captures all traffic sent over SSL that contains the hex sequence 16030100410100003d0301, is enough to drop only the network traffic generated by Ultrasurf:

iptables -I FORWARD -p tcp -m tcp --dport 443 -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j DROP

If Ultrasurf is using another port, you can try this:

iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,ACK,FIN,RST,PSH ACK,PSH -m string --to 256 --hex-string '|16030100410100003d0301|' --algo bm -j DROP

And if your firewall is a RouterOS-based one, try this:

/ip firewall layer7-protocol
add name=ultrasurf regexp="^\16\03\01\00\41\01\00\00\3D\03\01"
/ip firewall mangle
add chain=prerouting action=add-dst-to-address-list protocol=tcp address-list=ultrasurf \
  address-list-timeout=0s  layer7-protocol=ultrasurf in-interface=lan dst-port=443

Obviously this is not a definitive rule: if these firewall rules become popular, the pattern may be changed in newer versions of Ultrasurf.
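What the 11-byte sequence matched by the rules above encodes, as an added example that is not part of the original post: the bytes are the TLS record header, the handshake header and the client version, so the signature amounts to "TLS 1.0 ClientHello with a 61-byte body". The `build_client_hello` helper and its sample hellos are constructed for illustration, and `matches_rule` only approximates the firewall string match over a TCP payload.

```python
import struct

# The 11-byte prefix quoted in the post (same bytes as the --hex-string rule).
SIGNATURE = bytes.fromhex("16030100410100003d0301")

CONTENT_TYPES = {0x15: "alert", 0x16: "handshake", 0x17: "application_data"}
HANDSHAKE_TYPES = {0x01: "client_hello", 0x02: "server_hello"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def decode_hello_prefix(data: bytes) -> dict:
    """Decode record header (5 bytes), handshake header (4) and client version (2)."""
    if len(data) < 11:
        raise ValueError("need at least 11 bytes of the first TLS record")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    return {
        "content_type": CONTENT_TYPES.get(ctype, hex(ctype)),
        "record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
        "record_length": rec_len,
        "handshake_type": HANDSHAKE_TYPES.get(data[5], hex(data[5])),
        "handshake_length": int.from_bytes(data[6:9], "big"),
        "client_version": VERSIONS.get(int.from_bytes(data[9:11], "big"), "unknown"),
    }


def build_client_hello(n_suites: int) -> bytes:
    """Constructed sample: TLS 1.0 ClientHello, empty session id, no extensions."""
    suites = b"".join(struct.pack("!H", 0x0001 + i) for i in range(n_suites))
    body = (struct.pack("!H", 0x0301)      # client version
            + bytes(32)                     # random (zeroed in this sample)
            + b"\x00"                       # session id length
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def matches_rule(payload: bytes, window: int = 256) -> bool:
    """Approximation of the string match: signature anywhere in the first bytes."""
    return SIGNATURE in payload[:window]


if __name__ == "__main__":
    for name, value in decode_hello_prefix(SIGNATURE).items():
        print(f"{name:17} {value}")
    # Only the hello whose body is exactly 61 bytes (11 suites here) matches;
    # one more cipher suite changes both length fields and the rule misses it.
    for n in (11, 12):
        hello = build_client_hello(n)
        print(n, "suites ->", hello[:11].hex(), "match:", matches_rule(hello))
```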
