
Blocking Among Us through the XG

We run a fairly large network at a school of roughly 2000 users.

We have been having students playing Among Us on the network lately.

I am trying to figure out a way to block the traffic - I have traced the network traffic down (at least for US servers) to a members.linode.com server string.

I have tried the following ways of blocking traffic with no success:

- Added to blocked category on rule for specific users

- Added to blocked web URL group

- Blocked at Netspace Proxy level

The traffic still gets through.

I am wondering if anyone has had success blocking traffic for this game or tried blocking it via Application Control. We currently don't use it widely but I have blocked a few categories for students (e.g. gaming, proxy VPN, etc.).

Any help would be appreciated.



  • Hi,

    I've managed to block Among Us on both Android/iOS with a custom IPS signature. I didn't test it with the Steam version since I don't have it, but I believe it will also work.

    While playing Among Us online, it will establish a connection to the servers through UDP over a high port (such as 22023).

    You will have to create a custom IPS signature such as this one: (If you need help on this look at this document from Sophos.)

    Example:

    Here's the Custom rule content:

    Edit: Here's the three signatures I've found, you can use any of them to block Among Us.

    • content:"|4d 61 73 74 65 72 2d 36 2d 4f|";
    • content:"|4d 61 73 74 65 72 2d 34 2d 4f|";
    • content:"|4d 61 73 74 65 72 2d 33 2d 4f|";

    Or you can play up with pcre and do something like:

    • /\x4d\x61\x73\x74\x65\x72\x2d(\x36|\x34|\x33)\x2d\x4f/gmi

    Example in plain-text:

    • pcre:"/Master-(6|4|3)-O/";

    After that you can apply it to an IPS policy:

    Here's how it should look for the user after creating and applying the custom IPS signature on the traffic.

    And here's how it looks in the Log Viewer.

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall
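
Added example, not part of the original post: a small Python harness for checking the three content options and the plain-text pcre against test payloads before loading them into an IPS policy. The payloads are constructed, the helper names and the `PCRE_RULE_I` variant are assumptions for illustration, and Python's `re` stands in for the IPS engine's PCRE.

```python
import re

# The three content options and the plain-text pcre option, as posted above.
CONTENT_RULES = [
    'content:"|4d 61 73 74 65 72 2d 36 2d 4f|";',
    'content:"|4d 61 73 74 65 72 2d 34 2d 4f|";',
    'content:"|4d 61 73 74 65 72 2d 33 2d 4f|";',
]
PCRE_RULE = 'pcre:"/Master-(6|4|3)-O/";'
# Assumption: the post's hex-escaped pattern in option syntax, "i" flag only.
PCRE_RULE_I = r'pcre:"/\x4d\x61\x73\x74\x65\x72\x2d(\x36|\x34|\x33)\x2d\x4f/i";'


def content_to_bytes(rule):
    """Decode a content option: |..| spans are hex bytes, the rest is literal."""
    body = re.fullmatch(r'content:"(.*)";', rule.strip()).group(1)
    out = bytearray()
    for i, part in enumerate(body.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def pcre_to_regex(rule):
    """Compile the pattern between the slashes; only the "i" flag is honoured."""
    pattern, flags = re.fullmatch(r'pcre:"/(.*)/([a-z]*)";', rule.strip()).groups()
    return re.compile(pattern.encode("latin-1"), re.I if "i" in flags else 0)


def verdicts(payload):
    """Return (content hit, pcre hit, case-insensitive pcre hit) for a payload."""
    return (
        any(content_to_bytes(r) in payload for r in CONTENT_RULES),
        pcre_to_regex(PCRE_RULE).search(payload) is not None,
        pcre_to_regex(PCRE_RULE_I).search(payload) is not None,
    )

# Constructed payloads (not captured traffic): filler bytes around a test string.
SAMPLES = [
    b"\x01\x00\x02Master-6-O\x00",
    b"\x00\x10Master-4-O",
    b"Master-3-O\xff\xfe",
    b"\x00Master-5-O\x00",    # digit outside 6/4/3
    b"\x00master-6-o\x00",    # same text, lower case
    b"\x16\x03\x01\x02\x00",  # unrelated bytes
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, verdicts(p))
```

The lower-case sample is the only one where the columns disagree: the content options and the plain-text pcre are case-sensitive, while a pattern carrying the `i` flag also matches it.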

  • Thanks Prism,

    This is helpful - I was unsure if you could do custom categories via the IPS.

    I will suss out the Steam version and see if I can't find it.

  • Have had no luck locating the SID for the Steam version.

    Struggling to even find the traffic on XG.

    Any tips on locating the traffic reliably?

  • You can do a pcap with Wireshark on your computer while running the Steam version of the game. This is the easiest method.

    Also if you want to, you can send me the pcap later through a private message. (Please do at least 3-4 packet captures, this is extremely helpful when trying to find signatures over the traffic.)
