SEMTEC The SE MN preK-12 Technology Coordinators

Welcome to SEMTEC! Home of SE MN Educational Technology Leaders!

googlyfroogy.exe & UltraSurf

Has anyone else run into this application? I just saw it in action this morning, runs off of a small executable file and is the latest way our students are getting past the internet filtering. I haven't figured out a way to block it yet. We are using 8e6 filtering with our ISP and I've tried blocking the Ultrasurf.com site but the application allows it to skip right past. Any help would be appreciated. They certainly are some creative youngsters.

Views: 248

Attachments:

Reply to This

Replies to This Discussion

Permalink Reply by Bryan Berg on March 30, 2009 at 8:41am
Paul Potter from Tomah Public Schools is Wisconsin shared these thoughts with me about preventing the program from getting through:

"The big question is how do your systems find their way to the Internet? Do they know about it without the aide of a proxy server (like MS ISA)? If they do, blocking this will be extremely difficult. I haven't done a packet trace on the app but it looks like port 9666 is what it wants to connect through then it pushes all of the web traffic through one of its servers. Here is how I make sure this doesn't occur:

1. The only way to the Internet is via non-transparent proxy (like MS ISA). The default block is done by only creating outbound access-list rules for your proxy server (your workstations won't have a default way out) on your hardware firewall (I use a Cisco ASA).
2. On the proxy I only have necessary ports opened up (for students this means 80 and 443).
3. On the proxy I have Secure Computing (now a McAfee product) running with it set to block any "uncategorized" sites (basically a white list).

With this in place the workstation is clueless about the net (a ping to an external IP address on these systems gets you nothing), the traffic is first checked on the ISA server (which allows me control of which students via Active Directory groups can have Internet access), next it is checked against the SecureComputer Smartfilter white list. There is NO way around this."
Permalink Reply by Scott Evers on April 8, 2009 at 1:11pm
I use the file server tools within windows, students can't save anything with an .exe or .zip

All local drives are hidden, and any place they can save is a redirected spot on a file server.

Flash drives would still bring it in though.
Permalink Reply by Scott Evers on April 8, 2009 at 1:13pm
ISA server is also great, 40% of our web hits are returned from the cache, not the internet with saves on bandwidth

Reply to Discussion

RSS

About

Bryan Berg created this Ning Network.
Create a Ning Network! »

© 2024   Created by Bryan Berg.   Powered by

Report an Issue  |  Terms of Service