OpenDNS Forums
The official support and discussion site of OpenDNS
Support
K-12 Forums
Categories
- Administrative
- Adult site blocking
- DNS-O-Matic / dynamic IPs
- Domain blocking
- Domain Name System (DNS) troubles
- Mobile instructions
- OpenDNS services
- Proxies, accelerators, and more
- Router instructions
- Satellite
- Shortcuts
- Wishlists and feature requests
-
Feeds
Vanilla 1.1.4 is a product of Lussumo. More Information: Documentation, Community Support.
Proxies, accelerators, and more: User installed Hotspot Shield as a workaround to my Open DNS setting in AD.
Bottom of Page1 to 8 of 8
-
Hi,
I have a bright user who installed Hotspot Shield on his computer to access a website that I have blocked in Open DNS.
What can I possibly do to prevent this? Users are local admins for easy installing normal updates etc. So I would like a solution where I don't have to remove that.
Best regards
Morten Wiingreen
Denmark -
"Users are local admins for easy installing normal updates etc."
This is not the easy way, because security is not a matter of ease. This is a fault. Admins can almost circumvent everything and are generally a risk for the whole network.
"So I would like a solution where I don't have to remove that."
Sorry, there is not really a solution. Hotspot Shield establishes a VPN connection to the AncorFree servers, using their own DNS. Only in case Hotspot Shield relies on DNS, you can block the domains of these AncorFree servers. You will have to test and tailor this program to find out. Or search the internet. -
Create a company policy banning this software. Anyone found with this software installed is subject to disciplinary action.
Some solutions don't require technology.
You could also just block their servers in OpenDNS as well as on your router's firewall via IP address. You could also create a group policy if you are using Windows that would not allow that software to be installed. -
Faronics offers a software that is called Anti-Executable. It creates a white list of allowed executables. If it's not on the list it cant install or run. Worth a shot.
-
Have you blocked the Proxy/Anonymizer category? It should disable this and several other public VPNs.
It appears that blocking anchorfree.net will block Hotspot Shield, and that site is included in the Proxy/Anonymizer category.
If that doesn't seem to help, you'll need to install Wireshark somewhere in your network and record DNS lookups from the target machine to find what else you need to block. -
Update... I downloaded Hotspot Shield and it uses multiple domains and IPs and ports. Standard OpenDNS category settings won't block it, and it looks like it will be a real bugger to block manually.
Best address this with a management policy and a large stick. -
I also downloaded it, and tested it from within a corporate network, and - it wasn't able to connect. There are apparently possibilities to prevent it from working. I didn' research further, but it may be related to internal proxies or firewalls or DMZs or what else.
-
Looks as if it uses some non-standard UDP ports, and apparently has some flexibility of which ports to use. A firewall policy to block everything but approved ports might block it.
I was testing at home with no blocking other than OpenDNS, and was trying to do some whack-a-mole DNS blocking to see if I could break it. No luck yet, I may revisit it in a few days and try blocking unapproved UDP.
1 to 8 of 8
