If you cannot identify the name of the active process, you need to install a firewall, such as Kaspersky Anti-Hacker, which will monitor open ports and provide a log. Once you have deleted the process, you can then delete the file. If you know the name of the file containing the Backdoor, you can delete it after you stop the active processes in RAM using the Windows Task Manager. The infected machine sees only ports 'blinking' in ascending order. The controller can download and execute files on the infected machine.

Agent.b opens a random port in the 1xxx range for about a second, and then continues opening the next port in ascending numerical order. The file is 38 KB packed and 104 KB unpacked.

Agent.b is controlled over IRC channels. This backdoor is a Windows PE exe file written in Visual C.

Agent.b is packed with two packers: Morphine and UPX.

I agree with codemarauder on this one, I created a Snort rule and I have been able to block those users that use UltraSurf, it works pretty

.b (Kaspersky Lab) is also known as: (Kaspersky Lab), W32/Morph.worm (McAfee), (Symantec), (Doctor Web), Backdoor:Win32/Agent.G (RAV), TROJ_AGENT.B (Trend Micro), (Grisoft), (SOFTWIN), Backdoor Program (Panda), Win32/Agent.B (Eset)

Agent.b is a classic Trojan backdoor that opens the infected machine to remote access.

Since Ultrasurf is a policy violation and offenders ideally should be dealt with at Layer 8 (corporate / HR policy), this will discourage people from using Ultrasurf altogether and administration will always remain in the know of them. Check the box to "block" the offenders on the source side for 1 hour, 3 hours, 1 day or 1 week as you find suitable. Now, add a new Snort sensor on the LAN interface that has just this rule enabled. With this setting, I believe you can still surf without interruption.

Create a separate rule file that includes the ultrasurf rule copied from "les" of Emerging Threats. I am only blocking certain HTTPS servers for public usage.
Latest blocking ultrasurf server list for UltraSurf 12.01

We should share all the new Ultrasurf servers here so our pfSense can block Ultrasurf at the gateway firewall level. Ultrasurf 11.04 is blocked by the rules above. Add another new rule after the rule on step 7. After the pfBlockerpfUltrasurf rule, add a new rule. At the Lists, create a new alias by clicking on the "+" button. Now I'm using pfblocker because it will be easier to add more blocked servers in the future. If you need to block Ultrasurf, you can follow my instructions and test whether it works with your pfSense firewall. I am just trying to use a firewall rule to block Ultrasurf, and it seems to be working.