133 lines
3.2 KiB
Markdown
133 lines
3.2 KiB
Markdown
# 【E21现场】E现场业主希望实现对HotSpot Shield 的deny有效果
|
||
|
||
| ID | Creation Date | Assignee | Status |
|
||
|----|----------------|----------|--------|
|
||
| OMPUB-929 | 2023-05-18T21:11:22.000+0800 | 牛翔 | 已关闭 |
|
||
|
||
|
||
---
|
||
|
||
业主在2023-05-17表示继psiphon3继续测试其他VPN。
|
||
|
||
2023-05-17 业主在TSG系统配置了对办公网环境(clien ip=196.188.136.150 )了HotSpot Shield Deny policy策略,希望该策略对HotSpot Shield有FD效果。**liuyang** commented on *2023-05-21T11:17:51.817+0800*:
|
||
|
||
工程部提取特征后麻烦测试组[~zhaokun]验证
|
||
|
||
|
||
|
||
---
|
||
|
||
**niuxiang** commented on *2023-06-05T13:39:53.509+0800*:
|
||
|
||
[~liuyang] [~zhaokun] 已经提取完成hotspot shield VPN特征,麻烦测试效果
|
||
|
||
特征文件:HotspotShield_202306050535055.json
|
||
|
||
|
||
|
||
|
||
|
||
---
|
||
|
||
**zhaokun** commented on *2023-06-07T20:10:26.476+0800*:
|
||
|
||
* Windows:
|
||
** Hydra测试结果:
|
||
*** 所有节点阻断成功
|
||
** IKEv2测试结果:
|
||
*** Auto节点和Steaming节点未阻断
|
||
** WireGuard测试结果:
|
||
*** 所有节点阻断成功
|
||
* Android:
|
||
** 三个协议全部节点均阻断成功
|
||
* IOS:
|
||
** Hydra测试结果:
|
||
*** Houston节点首次连接未阻断,断开后又重新连接5次全部阻断成功
|
||
*** Algeria节点首次连接未阻断,断开后又重新连接5次全部阻断成功
|
||
** IKEv2测试结果:
|
||
*** Auto节点和Steaming节点未阻断
|
||
** WireGuard测试结果:
|
||
*** 所有节点阻断成功
|
||
|
||
未阻断的报文已微信发给牛翔。
|
||
|
||
|
||
|
||
---
|
||
|
||
**daikaiqiang** commented on *2023-06-08T10:29:41.183+0800*:
|
||
|
||
针对ikev2协议阻断失败排查:
|
||
使用测试环境192.168.56.43(戴凯强) 192.168.56.50(焦得钰)
|
||
1.测试auto节点,下策略 Deny application hotspot_shield_vpn_20230602,通过wireshark抓包,发现其dns.qname 特征journalissue.us及middle-island.us均有获取到对应IP ,且安全日志中没有dns 相关阻断日志,全部为ssl.sni 阻断(为hotspot shield 官网等sni阻断),节点可以正常连接
|
||
2.单独下策略 阻断dns 其filter使用的qname 为hotspot_shield_vpn_20230602中使用的dns qname,通过wireshark 抓包发现journalissue.us及middle-island.us 一直在尝试获取IP 但均为获取到IP。安全日志有dns 阻断日志,此时节点无法连接。
|
||
3.单独使用dns.qname 作为signature 创建application 做阻断策略,此时抓包发现journalissue.us及middle-island.us 又可以正常获取到IP 且无安全日志产生。
|
||
|
||
|
||
|
||
|
||
---
|
||
|
||
**daikaiqiang** commented on *2023-06-08T10:30:50.796+0800*:
|
||
|
||
!image-2023-06-08-10-31-56-755.png|thumbnail! !image-2023-06-08-10-31-12-417.png|thumbnail! !image-2023-06-08-10-31-23-835.png|thumbnail!
|
||
|
||
|
||
|
||
---
|
||
|
||
**niuxiang** commented on *2023-06-15T09:32:31.883+0800*:
|
||
|
||
对应bug处理记录
|
||
|
||
https://jira.geedge.net/browse/TSG-15436
|
||
|
||
|
||
|
||
---
|
||
|
||
**zhengchao** commented on *2024-11-19T16:22:59.209+0800*:
|
||
|
||
issue closed due to no activity
|
||
|
||
|
||
|
||
---
|
||
|
||
|
||
|
||
## Attachments
|
||
|
||
**38919/HotspotShield_202306050535055.json**
|
||
|
||
---
|
||
|
||
**39118/image-2023-06-08-10-31-02-190.png**
|
||
|
||
---
|
||
|
||
**39119/image-2023-06-08-10-31-12-417.png**
|
||
|
||
---
|
||
|
||
**39120/image-2023-06-08-10-31-23-835.png**
|
||
|
||
---
|
||
|
||
**39121/image-2023-06-08-10-31-56-755.png**
|
||
|
||
---
|
||
|
||
**39117/对应第一点.png**
|
||
|
||
---
|
||
|
||
**38451/微信图片_20230511131735.png**
|
||
|
||
---
|
||
|
||
**38450/微信图片_20230518161226.png**
|
||
|
||
---
|
||
|