psiphon

Author
Fullmoon
Platinum Member
2017/02/16 06:38:29 (permalink)

psiphon

Now the headache is back again. Does anyone know the trick for blocking Psiphon? I'm using an FGT 1000C and an FGT 92D running FOS 5.4.3 and 5.2.10, and it seems Psiphon is able to bypass them. I applied SSL deep inspection (all ports selected), blocked botnet, P2P and proxy under app control, blocked web proxy under the web filter profile, and even limited the services to HTTP/S and DNS; still no glory.
 
Is anyone willing to share their tricks on how to block Psiphon? Thanks.
 
IPS Definitions Version 10.00070 IPS Engine Version 3.00299

Fortigate Newbie
#1


    hmtay_FTNT
    Gold Member
    Re: psiphon 2017/02/22 13:10:57 (permalink)
    Hello,
     
    Can you update your IPS Definition to 10.00071 or above? An update to the Psiphon signature was released in 10.00071 to cover the recent update.
     
    On the same topic, with IPS Engine 3.00299 and FortiOS 5.4 and above, our Psiphon signature does not require SSL deep inspection anymore. We have added a new feature to the engine that allows us to block it without deep-inspecting the packet.
    #2
    nawaysa
    New Member
    Re: psiphon 2017/03/20 05:30:49 (permalink)
    I have updated IPS and FOS, but Psiphon can still bypass the FortiGate. Any help, please?
     
    #3
    hmtay_FTNT
    Gold Member
    Re: psiphon 2017/03/20 08:54:32 (permalink)
    Did you enable certificate-inspection or deep-inspection? Can you show me the output of the CLI command "diagnose autoupdate versions"? Can you send me your configuration file in a PM? Thanks.
     
    HoMing
    #4
    Fullmoon
    Platinum Member
    Re: psiphon 2017/03/21 00:05:19 (permalink)
    Dear hmtay_FTNT,
    TAC sent me the IPS signature for FOS 5.2.10 (flen-520-3.0406.pkg) a few days back. I thought I was able to block Psiphon completely, but after a few minutes of waiting, Psiphon successfully connected. Whew! I started to scratch my head again ;-)
     

    Fortigate Newbie
    #5
    nawaysa
    New Member
    Re: psiphon 2017/03/21 04:13:39 (permalink)
    Last Update Attempt: Tue Mar 21 12:24:18 2017
    Result: No Updates
     
    Botnet Domain Database
    ---------
    Version: 1.00638
    Contract Expiry Date: n/a
    Last Updated using manual update on Tue Jan 10 11:02:00 2017
    Last Update Attempt: n/a
    Result: Updates Installed
     
    Modem List
    ---------
    Version: 0.000
     
    Device and OS Identification
    ---------
    Version: 1.00055
    Contract Expiry Date: Thu Nov 29 2018
    Last Updated using manual update on Fri Mar  3 23:15:00 2017
    Last Update Attempt: Tue Mar 21 12:24:18 2017
    Result: No Updates
     
    IP Geography DB
    ---------
    Version: 1.062
    Contract Expiry Date: n/a
    Last Update Date: Fri Mar 10 18:09:33 2017
      
    Certificate Bundle
    ---------
    Version: 1.00005
    Last Update Date: Thu May  5 10:58:00 2016
      
    FDS Address
    ---------
    96.45.33.81-443
      
    URL White list
    ---------
    Version: 1.00618
    Contract Expiry Date: Thu Nov 29 2018
    Last Updated using scheduled update on Mon Mar 20 18:24:23 2017
    Last Update Attempt: Tue Mar 21 12:24:18 2017
    Result: No Updates
     
    Primary_FortiGate # 
     
    I enabled SSL deep inspection, but users can still bypass the FortiGate.
    #6
    hmtay_FTNT
    Gold Member
    Re: psiphon 2017/03/21 08:15:30 (permalink)
    nawaysa,
     
    Your "diagnose autoupdate versions" output is incomplete. I don't see any info about your IPS Engine and IPS Definition versions. Can you PM your configuration file to me and let me know which policy ID you are using?
    #7
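
An added example, not posted by anyone in this thread: a small check that reads pasted "diagnose autoupdate versions" output and reports whether the IPS sections are present and at least at the versions quoted above (10.00071 definitions, 3.00299 engine). The section titles "Attack Definitions" and "IPS Attack Engine" are assumptions about how the CLI labels these entries, and both sample outputs are constructed.

```python
import re

# Minimum versions quoted in the thread. The section titles used as keys are
# assumptions about how the CLI labels these entries; adjust to your output.
MINIMUMS = {"Attack Definitions": "10.00071", "IPS Attack Engine": "3.00299"}

# Constructed sample in the layout of the output pasted in the thread.
SAMPLE_FULL = """\
Attack Definitions
---------
Version: 10.00070

IPS Attack Engine
---------
Version: 3.00299
"""
# Constructed sample of a truncated paste that has no IPS sections at all.
SAMPLE_TRUNCATED = """\
Botnet Domain Database
---------
Version: 1.00638
"""

def parse_versions(text):
    """Return {section title: version}; a title is the line above a dash rule."""
    versions, title, prev = {}, None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if re.fullmatch(r"-{3,}", line):
            title = prev
        elif title and line.startswith("Version:"):
            versions[title] = line.split(":", 1)[1].strip()
            title = None
        if line:
            prev = line
    return versions

def as_tuple(version):
    # "10.00071" -> (10, 71), so zero-padded fields compare numerically.
    return tuple(int(part) for part in version.split("."))

def check(text, minimums=MINIMUMS):
    found, report = parse_versions(text), {}
    for section, minimum in minimums.items():
        have = found.get(section)
        if have is None:
            report[section] = "missing"  # section absent from the paste
        else:
            report[section] = "ok" if as_tuple(have) >= as_tuple(minimum) else "outdated"
    return report
```

A "missing" result means the paste was cut before the IPS sections, so the versions cannot be judged from it at all.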
    nawaysa
    New Member
    Re: psiphon 2017/04/03 04:38:02 (permalink)
    Is there any new solution to block Psiphon?
    #8
    juanchonica
    New Member
    Re: psiphon 2017/08/07 10:47:52 (permalink)
    The only way is to apply SSL deep inspection and install the certificate on ALL computers in your network.
    #9