Psiphon Explanation

Author
JohnGeorge
2019/02/01 11:31:09

Can someone explain what this Psiphon event is? I've confirmed I don't see an installation of Psiphon on the user's computer. The direction is incoming, hopefully something triggered by ads on WSJ.com. I'd like to confirm the computer is not infected with anything.
 
Trigger: UTM App Ctrl Event - Proxy
Log Details: 
logver 60
Type utm
Sub Type app-ctrl
Event Type app-ctrl-all
Level information
Application ID 32642
authserver Local FSSO Agent
Destination IP 13.249.142.119
Source Port 60132
Destination Port 443
Source Interface port3
srcintfrole lan
Destination Interface port1
dstintfrole wan
Protocol 6
Service HTTPS
Direction incoming
Application Category Proxy
Application Psiphon
Action pass
Threat Score 10
Threat Level medium
Host Name newsletter-images.wsj.com
Incident Serial No. 430703357
URL /
Message Proxy: Psiphon,
Application Risk critical
scertcname newsletter-images.wsj.com
post edited by JohnGeorge - 2019/02/01 11:46:33
#1


    JohnGeorge
    Re: Psiphon Explanation 2019/02/04 06:47:38
    Anyone?
    #2
    rr_FTNT
    Re: Psiphon Explanation 2019/02/13 04:49:53
    Direction is incoming with relation to FortiGate. You can see it is LAN->WAN, so something on the user's computer was destined for port 443 on host. There are open nodes on the Psiphon network that don't require client software to be loaded. http://booki.flossmanuals.net/circumvention-tools/ch016_using-psiphon2-open-nodes Not sure if this is what you are seeing, but just more info.
    #3
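
The reading of the event given in the reply above (the interface roles show a LAN->WAN session, so the client opened it), as an added example that is not part of the original thread or Fortinet's own code: Python that parses an excerpt of the pasted log and reports the initiator, the action, and whether the requested host name equals the certificate CN. The function names and the triage rules are assumptions; a matching host name and CN is a data point for review, not a verdict.

```python
# Added example: triage of an app-ctrl event pasted as "label value" lines.
# SAMPLE is an excerpt of the log in post #1; the triage rules are assumptions.
SAMPLE = """\
srcintfrole lan
dstintfrole wan
Direction incoming
Application Category Proxy
Application Psiphon
Application ID 32642
Action pass
Host Name newsletter-images.wsj.com
scertcname newsletter-images.wsj.com
"""

# Labels contain spaces and share prefixes ("Application" vs "Application ID"),
# so the longest known label is tried first.
LABELS = sorted(
    ["srcintfrole", "dstintfrole", "Direction", "Application Category",
     "Application ID", "Application", "Action", "Host Name", "scertcname"],
    key=len, reverse=True)


def parse_event(text):
    """Turn 'label value' lines into a dict; lines with unknown labels are skipped."""
    event = {}
    for line in text.splitlines():
        line = line.strip()
        for label in LABELS:
            if line.startswith(label + " "):
                event[label] = line[len(label):].strip()
                break
    return event


def triage(event):
    """Report who opened the session and whether host name and cert CN agree."""
    roles = (event.get("srcintfrole"), event.get("dstintfrole"))
    initiator = {("lan", "wan"): "internal client (LAN->WAN)",
                 ("wan", "lan"): "external host (WAN->LAN)"}.get(roles, "undetermined")
    host, cn = event.get("Host Name"), event.get("scertcname")
    return {"application": event.get("Application"),
            "initiator": initiator,
            "host_matches_cert": host is not None and host == cn,
            "allowed": event.get("Action") == "pass"}


if __name__ == "__main__":
    print(triage(parse_event(SAMPLE)))
```
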
    mpoteet
    Re: Psiphon Explanation 2019/02/15 08:28:38
    I'd just like to add that since 2.8.2019 I've seen this signature pop up for traffic going to a myriad of websites, coming from a handful of workstations that do not appear to have the Psiphon application installed. I'm currently leaning towards a theory that the signature for this application got an update or something and now it's causing false positives, but that's just my theory. I have a ticket opened for it.
    #4
    tedauction
    Re: Psiphon Explanation 2019/04/18 12:48:09
    Hello, we also have exactly the same situation.
    Any comments from anyone would be welcome.
    #5