Default application configuration bug

Hi folks,

I have been investigating why one of my devices is talking to TOR and Ultrasurf proxies. I have not been able to identify which device from the daily reports.

Now in theory the tunnel and filter bypass applications should be blocked, but they aren't. I created a test filter to see what happens when I tick deny. What is the use of ticking deny when the default changes it back to allow? Please see below for the results.

The application list shows deny, but the filter using the group shows allow, something very wrong.

 

Ian

 

More stuff. If you enable blocking IT services etc., the bypass filter rules do not work. Facebook gets blocked and so does my weather station. Now I have a bypass for Facebook.



  • I have tried to research how to detect and block TOR, with minimal success. It appears that it might be possible to do a special DNS query on IP+port to detect an exit point, but there is no known way to detect connecting to an entry point. How did you determine that TOR is being used?
