
Blocking Among Us through the XG

We run a fairly large network at a school of roughly 2000 users.

We have been having students playing Among Us on the network lately.

I am trying to figure out a way to block the traffic - I have traced the network traffic down (at least for US servers) to a members.linode.com server string.

I have tried the following ways of blocking traffic with no success:

- Added to blocked category on rule for specific users

- Added to blocked web URL group

- Blocked at Netspace Proxy level

The traffic still gets through.

I am wondering if anyone has had success blocking traffic for this game or tried blocking it via Application Control. We currently don't use it widely but I have blocked a few categories for students (e.g. gaming, proxy VPN, etc.).

Any help would be appreciated.



  • Hi,

    I've managed to block Among Us on both Android/iOS with a custom IPS signature. I didn't test it with the Steam version since I don't have it, but I believe it will also work.

    While playing Among Us online, it will establish a connection to the servers through UDP over a high port (such as 22023).

    You will have to create a custom IPS signature such as this one: (If you need help on this look at this document from Sophos.)

    Example:

    Here's the Custom rule content:

    Edit: Here's the three signatures I've found, you can use any of them to block Among Us.

    • content:"|4d 61 73 74 65 72 2d 36 2d 4f|";
    • content:"|4d 61 73 74 65 72 2d 34 2d 4f|";
    • content:"|4d 61 73 74 65 72 2d 33 2d 4f|";

    Or you can play around with pcre and do something like:

    • /\x4d\x61\x73\x74\x65\x72\x2d(\x36|\x34|\x33)\x2d\x4f/gmi

    Example in plain-text:

    • pcre:"/Master-(6|4|3)-O/";

    After that you can apply it on an IPS policy:

    Here's how it should look for the user after creating and applying the custom IPS signature on the traffic.

    And here's how it looks in the Log Viewer.

    Thanks!
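
A way to sanity-check the signatures in the reply above before loading them into an IPS policy. This is an added example, not part of the original post and not Sophos tooling: it decodes the three `content` options, compiles both pcre forms, and shows which ones fire on a few payloads. The function names and the sample payloads are assumptions made up for this check, and Python's `re` only approximates how an IPS engine treats the `gmi` flags.

```python
import re

# Signature options copied from the reply above.
CONTENT_OPTIONS = [
    'content:"|4d 61 73 74 65 72 2d 36 2d 4f|";',
    'content:"|4d 61 73 74 65 72 2d 34 2d 4f|";',
    'content:"|4d 61 73 74 65 72 2d 33 2d 4f|";',
]
PCRE_HEX = r"/\x4d\x61\x73\x74\x65\x72\x2d(\x36|\x34|\x33)\x2d\x4f/gmi"
PCRE_TEXT = "/Master-(6|4|3)-O/"

def parse_content(option):
    """Decode content:"..."; text between | | is hex bytes, the rest is literal."""
    m = re.fullmatch(r'content:"(.*)";', option.strip())
    if not m or m.group(1).count("|") % 2:
        raise ValueError("malformed content option: " + option)
    out = bytearray()
    for i, part in enumerate(m.group(1).split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def parse_pcre(expr):
    """Compile a /pattern/flags expression as a bytes regex (g has no meaning here)."""
    m = re.fullmatch(r"/(.*)/([a-z]*)", expr.strip())
    if not m:
        raise ValueError("malformed pcre expression: " + expr)
    flags = 0
    for f in m.group(2):
        flags |= {"i": re.I, "m": re.M, "s": re.S}.get(f, 0)
    return re.compile(m.group(1).encode("latin-1"), flags)

def matches(payload):
    """Return which of the page's signatures fire on one payload."""
    hits = [f"content[{n}]" for n, opt in enumerate(CONTENT_OPTIONS)
            if parse_content(opt) in payload]
    if parse_pcre(PCRE_HEX).search(payload):
        hits.append("pcre_hex")
    if parse_pcre(PCRE_TEXT).search(payload):
        hits.append("pcre_text")
    return hits

# Constructed payloads for the check; not captured traffic.
SAMPLES = {
    "covered": b"\x00\x01Master-4-O\x00",
    "lowercase": b"\x00\x01master-4-o\x00",
    "other_digit": b"\x00\x01Master-5-O\x00",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:12} -> {matches(payload) or 'no match'}")
```

The hex in each `content` option decodes to the same strings the plain-text pcre names, and only the `/i` variant matches a differently cased string; a payload carrying a digit other than 6, 4 or 3 is matched by none of them.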

  • Thanks Prism,

    This is helpful - I was unsure if you could do custom categories via the IPS.

    I will suss out the Steam version and see if I can't find it.
