How to block anonymous browsing tools

From SergiTurWiki
This wiki is part of the materials for a course
Course: DissenyXarxesLinux
Files: No files
SVN repository: http://svn.projectes.lafarga.cat/svn/iceupc/DissenyXarxaLocalLinux
User: anonymous
Password: no password
Authors: Sergi Tur Badenas

Websites to keep under control

Tor

Domains

torproject.org
tor.softonic.com

Sites to filter:

http://www.torproject.org/index.html.es

Keywords:

tor
privoxy
torbutton
vidalia

It appears that, with the same solution used for Ultrasurf, the Tor network does not work either (at least with the default configuration for Windows).

Connection attempts seen by IPCOP

This is what the IPCOP log shows:


Ultrasurf

Ultrasurf notes
https://docs.google.com/a/guifidocencia.sourceforge.net/document/pub?id=1KBmsOpeJly2TXM60B7a30zy07R0-0rcfv45FJroROpw

It is a Windows-only tool that lets users get around a proxy by going through anonymous proxies. It is made by the company ultrareach and, as you can read at http://www.ultrareach.com/background_en.htm, it was in theory created to get around the great "wall" (firewall) of China. In Chinese the application is called wujie.

You can find it at:

http://www.ultrareach.com/

Several websites offer ideas on how to filter this tool (see the Resources section).

The first step is to filter the ultrareach download pages at the proxy. A possible list:

ultrareach.com
ultrasurf.softonic.com
geomundos.com/descargas/ultrasurf*
wujie.net

URLs:

http://ultra1/ultrasurf.htm
http://www.wujie.net/downloads/ultrasurf/u.zip  
http://www.internetfreedom.org/UltraSurf
http://www.softonic.com/windows/seguridad-y-control-de-acceso
gratis.portalprogramas.com/UltraSurf.html  

You can even deny every page whose URL contains ultrasurf, or at least the Google searches for it:

Keywords

ultrasurf
wujie
q=ultrasurf

Even so, nobody can stop users from bringing the program in on a USB drive.

To block it we have two options. The first is to use the user agent. Ultrasurf does not identify itself with any user agent, so we can allow Internet access only to a specific list of user agents.

With IPCOP this is done quickly by going to Servicios > Advanced Proxy and enabling the

NavegadorsWebIPCOP.png

See the article on IPCOP to learn how to install Advanced Proxy.

With this, Firefox, Internet Explorer and other browsers can reach the proxy, but Ultrasurf cannot.

The squid configuration is as follows:

$ cat /etc/squid/squid.conf 

# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface!
#
# Instead, modify the file '/var/ipcop/proxy/advanced/acls/include.acl' and
# then restart the proxy service using the web interface. Changes made to the
# 'include.acl' file will propagate to the 'squid.conf' file at that time.

shutdown_lifetime 5 seconds
icp_port 0

http_port 192.168.1.50:800 transparent

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

cache_effective_user squid
cache_effective_group squid
umask 022

pid_filename /var/run/squid.pid

cache_mem 2 MB
cache_dir aufs /var/log/cache 50 16 256

error_directory /usr/lib/squid/advproxy/errors.ipcop/English

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
useragent_log /var/log/squid/user_agent.log

strip_query_terms off

log_mime_hdrs off
forwarded_for off
via off

acl with_allowed_useragents browser (AOL)|(avantbrowser)|(Firefox)|(FrontPage)|(Gecko)|(GetRight)|(Go!Zilla)|(kh_lt\/LT)|(Google\sToolbar)|(MSIE.*[)]$)|(Java)|(Konqueror)|(Lynx)|(Windows\-Media\-Player)|(NSPlayer)|(^Mozilla\/4.[7|8])|(Netscape)|(Opera)|(LegitCheck)|(Wget)|(Industry\sUpdate\sControl)|(Windows\sUpdate)|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)|(Microsoft\sBITS)|(APT\-HTTP)

acl within_timeframe time MTWHFAS 00:00-24:00

acl blocked_mimetypes rep_mime_type "/var/ipcop/proxy/advanced/mimetypes"

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 800 # Squids port (for icons)

acl IPCop_http  port 81
acl IPCop_https port 445
acl IPCop_ips              dst 192.168.1.50
acl IPCop_networks         src "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_servers          dst "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_green_network    src 192.168.1.0/255.255.255.0
acl IPCop_green_servers    dst 192.168.1.0/255.255.255.0
acl CONNECT method CONNECT

#Access to squid:
#local machine, no restriction
http_access allow         localhost

#GUI admin if local machine connects
http_access allow         IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https

#Deny not web services
http_access deny          !Safe_ports
http_access deny  CONNECT !SSL_ports

#Set custom configured ACLs
http_access allow IPCop_networks within_timeframe with_allowed_useragents
http_access deny  all

#Strip HTTP Header
header_access X-Forwarded-For deny all
header_access Via deny all

http_reply_access deny  blocked_mimetypes
http_reply_access allow all

maximum_object_size 4096 KB
minimum_object_size 0 KB

request_body_max_size 0 KB
reply_body_max_size 0 allow all

visible_hostname ipcop.localdomain

url_rewrite_program /usr/sbin/redirect_wrapper
url_rewrite_children 10

The most relevant lines are:

useragent_log /var/log/squid/user_agent.log
acl with_allowed_useragents browser (AOL)|(avantbrowser)|(Firefox)|(FrontPage)|(Gecko)|(GetRight)|(Go!Zilla)|(kh_lt\/LT)|(Google\sToolbar)|(MSIE.*[)]$)|(Java)|(Konqueror)|(Lynx)|(Windows\-Media\-Player)|(NSPlayer)|(^Mozilla\/4.[7|8])|(Netscape)|(Opera)|(LegitCheck)|(Wget)|(Industry\sUpdate\sControl)|(Windows\sUpdate)|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)|(Microsoft\sBITS)|(APT\-HTTP)
http_access allow IPCop_networks within_timeframe with_allowed_useragents
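
The first-match evaluation of the http_access rules above, as an added Python sketch (not part of the original wiki or of IPCOP). It assumes IPCop_networks equals the green network 192.168.1.0/24, that the destination is not the IPCOP host itself (so the two GUI rules are left out), and it uses constructed sample requests.

```python
import ipaddress
import re

# User-Agent regex copied from the page's
# "acl with_allowed_useragents browser ..." line.
ALLOWED_UA = re.compile(
    r"(AOL)|(avantbrowser)|(Firefox)|(FrontPage)|(Gecko)|(GetRight)|(Go!Zilla)"
    r"|(kh_lt\/LT)|(Google\sToolbar)|(MSIE.*[)]$)|(Java)|(Konqueror)|(Lynx)"
    r"|(Windows\-Media\-Player)|(NSPlayer)|(^Mozilla\/4.[7|8])|(Netscape)|(Opera)"
    r"|(LegitCheck)|(Wget)|(Industry\sUpdate\sControl)|(Windows\sUpdate)"
    r"|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)"
    r"|(Microsoft\sBITS)|(APT\-HTTP)"
)

SSL_PORTS = {443, 563}                                   # acl SSL_ports
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777, 800}  # acl Safe_ports
# Assumption: IPCop_networks is loaded from a file the page does not show;
# the green network from the same config stands in for it.
IPCOP_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]


def safe_port(port):
    """Safe_ports is the explicit list plus the 1025-65535 range."""
    return port in SAFE_PORTS or 1025 <= port <= 65535


def http_access(src, method, port, user_agent):
    """Walk the http_access rules in order; the first matching rule decides.

    user_agent is None when the client sends no User-Agent header.
    The within_timeframe ACL covers the whole week, so it always matches.
    """
    ip = ipaddress.ip_address(src)
    if ip == ipaddress.ip_address("127.0.0.1"):
        return "allow", "http_access allow localhost"
    if not safe_port(port):
        return "deny", "http_access deny !Safe_ports"
    if method == "CONNECT" and port not in SSL_PORTS:
        return "deny", "http_access deny CONNECT !SSL_ports"
    in_network = any(ip in net for net in IPCOP_NETWORKS)
    ua_allowed = bool(user_agent) and ALLOWED_UA.search(user_agent) is not None
    if in_network and ua_allowed:
        return "allow", ("http_access allow IPCop_networks "
                         "within_timeframe with_allowed_useragents")
    return "deny", "http_access deny all"


# Constructed sample requests: (source, method, destination port, User-Agent).
FIREFOX = ("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) "
           "Gecko/2008121622 Firefox/3.0.5")
SAMPLES = [
    ("192.168.1.5", "GET", 80, FIREFOX),        # browser on the green network
    ("192.168.1.5", "CONNECT", 443, None),      # tunnel request with no User-Agent
    ("192.168.1.5", "CONNECT", 9001, FIREFOX),  # CONNECT to a non-SSL port
    ("192.168.1.5", "GET", 25, FIREFOX),        # port outside Safe_ports
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:3], "->", http_access(*sample))
```

The browser ACL matches on the header the client sends, so treat the allowlist as one layer alongside the port rules and the IP filter described next.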

Another alternative is to block access to remote hosts addressed by their IP. With IPCOP this is done through the URL Filter module in the services menu:

IPFilterIPCOP.png

NOTE: The IP filter adds the !in-addr ACL to squidGuard.

See the article on IPCOP to learn how to install URL Filter.

URL Filter uses SquidGuard. The configuration in the file /var/ipcop/urlfilter/squidGuard.conf is:

logdir /var/log/squidGuard
dbhome /var/ipcop/urlfilter/blacklists

dest ads {
    domainlist     ads/domains
    urllist        ads/urls
}

dest aggressive {
    domainlist     aggressive/domains
    urllist        aggressive/urls
}

dest audio-video {
    domainlist     audio-video/domains
    urllist        audio-video/urls
}

dest drugs {
    domainlist     drugs/domains
    urllist        drugs/urls
}

dest gambling {
    domainlist     gambling/domains
    urllist        gambling/urls
}

dest hacking {
    domainlist     hacking/domains
    urllist        hacking/urls
}

dest mail {
    domainlist     mail/domains
}

dest porn {
    domainlist     porn/domains
    urllist        porn/urls
}

dest proxy {
    domainlist     proxy/domains
    urllist        proxy/urls
}

dest violence {
    domainlist     violence/domains
    urllist        violence/urls
}

dest warez {
    domainlist     warez/domains
    urllist        warez/urls
}

dest files {
    expressionlist custom/blocked/files
}

dest custom-allowed {
    domainlist     custom/allowed/domains
    urllist        custom/allowed/urls
}

dest custom-blocked {
    domainlist     custom/blocked/domains
    urllist        custom/blocked/urls
}

dest custom-expressions {
    expressionlist custom/blocked/expressions
}

acl {
    default {
        pass !in-addr !ads !aggressive !audio-video !drugs !gambling !hacking !mail !porn !proxy !violence !warez any
        redirect http://www.iescopernic.com/moodle/normes_dus.htm
    }
}

The important line is:

pass !in-addr

NOTE: bear in mind that you may need to add more user agents that make sense on your network.
http://ultra1/ultrasurf.htm

Resources

Example of denied Ultrasurf accesses with IPCOP

On an IPCOP with the user agents filtered:

# tail -f /var/log/squid/access.log
1233317957.053      0 192.168.1.5 TCP_DENIED/403 1938 CONNECT docs.google.com:443 - NONE/- text/html

Note the last line, where it tries to reach docs.google.com!

Tests to detect Ultrasurf

On the proxy, if you run:

$ netstat --inet -n | grep 443

You will see the connections it tries to make to anonymous SSL proxies.

You can see which server it is trying to use with:

$ netstat --inet -n | grep 443 | grep ESTABLISHED
tcp        0      0 10.0.2.15:1414          65.49.2.121:443         ESTABLISHED
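
One way to turn the access.log behaviour shown on this page into a detection, as an added Python example (not from the original wiki): it flags a client that gets CONNECT requests denied to many different bare IP addresses in a short window, and a client that fetches a /tor/ path from an IP host. The log lines are constructed, use documentation address ranges, and the window and threshold values are assumptions to tune per network.

```python
import ipaddress
from collections import defaultdict, deque
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format.
SAMPLE_LOG = """\
1233321612.135      7 192.168.1.5 TCP_DENIED/403 1938 CONNECT 198.51.100.10:9001 - NONE/- text/html
1233321612.136      7 192.168.1.5 TCP_IMS_HIT/304 244 GET http://198.51.100.27:9030/tor/server/d/CONSTRUCTED.z - NONE/- text/html
1233321613.144      4 192.168.1.5 TCP_DENIED/403 1938 CONNECT 198.51.100.11:9090 - NONE/- text/html
1233321614.142      9 192.168.1.5 TCP_DENIED/403 1936 CONNECT 203.0.113.5:443 - NONE/- text/html
1233321615.149      1 192.168.1.5 TCP_DENIED/403 1936 CONNECT 203.0.113.6:443 - NONE/- text/html
1233321616.147      2 192.168.1.5 TCP_DENIED/403 1940 CONNECT 203.0.113.7:9001 - NONE/- text/html
1233321617.000      3 192.168.1.7 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.80 text/html
1233321618.000     90 192.168.1.7 TCP_MISS/200 8000 CONNECT www.example.org:443 - DIRECT/192.0.2.81 -
1233321619.000      1 192.168.1.7 TCP_DENIED/403 1936 CONNECT 203.0.113.9:443 - NONE/- text/html
1233321620.000      1 192.168.1.8 TCP_DENIED/403 1936 CONNECT 203.0.113.20:443 - NONE/- text/html
1233321621.000      1 192.168.1.8 TCP_DENIED/403 1936 CONNECT 203.0.113.20:443 - NONE/- text/html
1233321622.000      1 192.168.1.8 TCP_DENIED/403 1936 CONNECT 203.0.113.20:443 - NONE/- text/html
"""


def is_ip_literal(host):
    """True when the destination is a bare IP address rather than a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def parse_line(line):
    """Parse one native-format access.log line; return None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    method, url = fields[5], fields[6]
    try:
        if method == "CONNECT":          # URL field is host:port
            host, _, port = url.rpartition(":")
            path = ""
        else:                            # URL field is a full http:// URL
            parts = urlsplit(url)
            host, port, path = parts.hostname or "", str(parts.port or 80), parts.path
        if not host or not port.isdigit():
            return None
        return {"ts": float(fields[0]), "client": fields[2],
                "code": fields[3].split("/")[0], "method": method,
                "host": host, "port": int(port), "path": path}
    except ValueError:
        return None


def detect(lines, window=60.0, min_dests=5):
    """Return {client: [reasons]} for clients matching either pattern."""
    recent = defaultdict(deque)   # client -> (timestamp, dest) of denied CONNECTs
    alerts = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_ip_literal(rec["host"]):
            continue              # requests to named hosts are out of scope here
        client = rec["client"]
        # Path prefix taken from the GET lines in the page's Tor log.
        if rec["method"] == "GET" and rec["path"].startswith("/tor/"):
            alerts[client].add("tor-directory-fetch")
        if rec["method"] == "CONNECT" and rec["code"] == "TCP_DENIED":
            queue = recent[client]
            queue.append((rec["ts"], f'{rec["host"]}:{rec["port"]}'))
            while rec["ts"] - queue[0][0] > window:   # drop entries outside window
                queue.popleft()
            # Count distinct destinations so retries to one host do not trigger.
            if len({dest for _, dest in queue}) >= min_dests:
                alerts[client].add("connect-fanout")
    return {client: sorted(reasons) for client, reasons in alerts.items()}


if __name__ == "__main__":
    for client, reasons in detect(SAMPLE_LOG.splitlines()).items():
        print(client, reasons)
```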

Ultrasurf on Linux

It works with Wine:

Runs just fine under WINE.
You need to download MSVCP60.DLL and copy it to your ~/.wine/drive_c/windows/system

Websites to filter


Anonymous proxies

Regular expressions:

/etc/squid/acl/banned.acl
.*/.+\.php\?q=.+(&hl).*
.*/cgi-bin/nph-proxy-1.cgi
.*/.+\.php\?u=.+(&b).*
.*/proxy\.php\?q=.+(&p).*
.*/.+\.php\?woo=.+(&hvn).*

IPs and domains:

