Blocking Hotspot Shield In

Blocking HOTSPOT SHIELD in Mikrotik

Filed under: Mikrotik Related — Tags: hotspot shield, hotspotshield — Syed Jahanzaib / Pinochio~:) @ 4:51 PM

Last Updated: 6th JANUARY, 2015 / 16:10pm

Assalam Va Alaekum,

I was receiving many complaints from a few network operators annoyed by a proxy application named HOTSPOT SHIELD, which you can use to create a tunnel between you and an ‘unknown’ location; you can then bypass all filtering on your local network and do all the ‘dirty work’ that is normally blocked on general networks. Usage of such tools also results in blacklisting of your, or your Internet service provider's, public IP. It is a very common application here in Pakistan for opening YouTube or VoIP (which are officially banned here). So I did some lab testing for Mikrotik and found the following IP block lists and a few ports that are used by HOTSPOT SHIELD. [You still need to monitor with the TORCH tool which IP address pools HS is using, and keep adding them to the list.]

/ip firewall address-list

add address=157.56.106.0/24 disabled=no list=hotspotshield_zaib

add address=157.56.144.0/24 disabled=no list=hotspotshield_zaib

add address=198.144.116.0/24 disabled=no list=hotspotshield_zaib

add address=204.14.77.0/24 disabled=no list=hotspotshield_zaib

add address=204.14.0.0/16 disabled=no list=hotspotshield_zaib

add address=205.164.34.0/24 disabled=no list=hotspotshield_zaib

add address=209.73.0.0/16 disabled=no list=hotspotshield_zaib

add address=212.118.232.0/24 disabled=no list=hotspotshield_zaib

add address=216.172.138.0/24 disabled=no list=hotspotshield_zaib

add address=216.172.0.0/16 disabled=no list=hotspotshield_zaib

add address=46.0.0.0/8 disabled=no list=hotspotshield_zaib

add address=66.171.229.0/24 disabled=no list=hotspotshield_zaib

add address=68.68.107.0/24 disabled=no list=hotspotshield_zaib

add address=68.68.108.0/24 disabled=no list=hotspotshield_zaib

add address=69.22.168.0/24 disabled=no list=hotspotshield_zaib

add address=69.22.170.0/24 disabled=no list=hotspotshield_zaib

add address=74.115.0.0/16 disabled=no list=hotspotshield_zaib

add address=94.245.121.0/24 disabled=no list=hotspotshield_zaib

add address=69.22.185.0/24 disabled=no list=hotspotshield_zaib

add address=174.129.0.0/16 disabled=no list=hotspotshield_zaib

add address=216.172.135.0/24 disabled=no list=hotspotshield_zaib

add address=67.220.0.0/16 disabled=no list=hotspotshield_zaib

add address=50.0.0.0/8 disabled=no list=hotspotshield_zaib

add address=79.125.0.0/16 disabled=no list=hotspotshield_zaib

add address=75.101.0.0/16 disabled=no list=hotspotshield_zaib

add address=176.56.0.0/16 disabled=no list=hotspotshield_zaib

add address=54.75.0.0/16 disabled=no list=hotspotshield_zaib

add address=54.161.0.0/16 disabled=no list=hotspotshield_zaib

add address=199.188.0.0/16 disabled=no list=hotspotshield_zaib

# Now create Rules to block above address list and additional ports

/ip firewall filter

add action=drop chain=forward comment="Block_Hotspot_Shield_Addresses_(test phase_zaib)" disabled=no src-address-list=hotspotshield_zaib

add action=drop chain=forward comment="Block_Hotspot_Shield_Ports_(test phase_zaib)" disabled=no dst-port=990,179,105,706,5245,3451,15009 protocol=tcp

After applying the rules, Hotspot Shield stopped connecting.

Note: It was observed that it is almost impossible to block it 100%, but with the above method I got 99% success. It's impossible to block all the proxy tools/apps as there are thousands of them, but with some smart configuration you can only minimize the chances of their utilization. Make sure you use OPENDNS and, if you have a static public IP address, create an account and block the whole proxy / anonymizer category. Make sure to forcefully redirect all DNS traffic to your own DNS server, which should be using OpenDNS or some filtering mechanism to block or POISON the BAD sites.

Also note that I have used some large IP blocks like /8 or /16 (rather than just /24) because Hotspot Shield has thousands of IP addresses/blocks which it uses. So it is quite possible that some valid content which falls in the same subnet also gets DROPPED/BLOCKED. More tests would then be required, using any capturing tool or Mikrotik's own tool called TORCH.

[Image: example of Torch in MT.]

It's still under testing and I will post some confirmed reports after a few days. If you have a list of IP addresses used by HSS or other proxies, please post the details in the comments or email me.
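
The note above warns that the /8 and /16 entries can drop valid traffic in the same subnets. The following audit script is an added example, not part of the original post: it parses address-list lines in the "add address=... list=..." form used above (an excerpt of the post's own entries is embedded), reports entries already covered by a broader entry, and totals how much IPv4 space the list drops. The function names and the /16 "broad" threshold are assumptions of this example.

```python
import ipaddress
import re

# Excerpt of the post's address-list lines (values copied from the page).
ROUTEROS_EXPORT = """
add address=204.14.77.0/24 disabled=no list=hotspotshield_zaib
add address=204.14.0.0/16 disabled=no list=hotspotshield_zaib
add address=216.172.138.0/24 disabled=no list=hotspotshield_zaib
add address=216.172.0.0/16 disabled=no list=hotspotshield_zaib
add address=216.172.135.0/24 disabled=no list=hotspotshield_zaib
add address=46.0.0.0/8 disabled=no list=hotspotshield_zaib
add address=50.0.0.0/8 disabled=no list=hotspotshield_zaib
add address=69.22.168.0/24 disabled=no list=hotspotshield_zaib
"""

ENTRY = re.compile(r"^add\s+address=(\S+)\s.*\blist=(\S+)", re.M)

def parse(export, list_name):
    """Return the networks that belong to one address list."""
    return [ipaddress.ip_network(addr, strict=False)
            for addr, name in ENTRY.findall(export) if name == list_name]

def audit(nets, broad_prefix=16):
    """Report shadowed entries, broad entries and total address coverage."""
    shadowed = {}
    for n in nets:
        # Entries fully contained in another entry never change the outcome.
        covers = [o for o in nets if o != n and n.subnet_of(o)]
        if covers:
            shadowed[str(n)] = str(min(covers, key=lambda o: o.prefixlen))
    # Broad prefixes are the ones most likely to catch unrelated hosts.
    broad = sorted(str(n) for n in nets if n.prefixlen <= broad_prefix)
    # Collapse overlaps so shared address space is counted only once.
    collapsed = list(ipaddress.collapse_addresses(nets))
    total = sum(n.num_addresses for n in collapsed)
    return {"shadowed": shadowed, "broad": broad,
            "effective": [str(n) for n in collapsed],
            "addresses": total, "share_of_ipv4": total / 2**32}

if __name__ == "__main__":
    report = audit(parse(ROUTEROS_EXPORT, "hotspotshield_zaib"))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Replacing the embedded excerpt with the router's full address-list lines gives the figure for the complete list; every entry reported as broad is a candidate for narrowing once Torch shows which /24s are actually in use.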