This discussion has been locked.

Blocking Among Us through the XG

We run a fairly large network at a school of roughly 2000 users.

We have been having students playing Among Us on the network lately.

I am trying to figure out a way to block the traffic - I have traced the network traffic down (at least for US servers) to a members.linode.com server string.

I have tried the following ways of blocking traffic with no success:

- Added to blocked category on rule for specific users

- Added to blocked web URL group

- Blocked at Netspace Proxy level

The traffic still gets through.

I am wondering if anyone has had success blocking traffic for this game or tried blocking it via Application Control. We currently don't use it widely but I have blocked a few categories for students (e.g. gaming, proxy VPN, etc.).

Any help would be appreciated.



This thread was automatically locked due to age.
  • Hi,

    I've managed to block Among Us on both Android/iOS with a custom IPS signature. I didn't test it with the Steam version since I don't have it, but I believe it will also work.

    While playing Among Us online, it will establish a connection to the servers through UDP over a high port (such as 22023).

    You will have to create a custom IPS signature such as this one: (If you need help on this, look at this document from Sophos.)

    Example:

    Here's the Custom rule content:

    Edit: Here's the three signatures I've found, you can use any of them to block Among Us.

    • content:"|4d 61 73 74 65 72 2d 36 2d 4f|";
    • content:"|4d 61 73 74 65 72 2d 34 2d 4f|";
    • content:"|4d 61 73 74 65 72 2d 33 2d 4f|";

    Or you can play around with pcre and do something like:

    • /\x4d\x61\x73\x74\x65\x72\x2d(\x36|\x34|\x33)\x2d\x4f/gmi

    Example in plain-text:

    • pcre:"/Master-(6|4|3)-O/";

    After that, you can apply it to an IPS policy:

    Here's how it should look for the user after creating and applying the custom IPS signature on the traffic.

    And here's how it looks in the Log Viewer.

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall
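
An offline check of the signatures in the answer above, added here as an example and not part of the original post or of any Sophos tooling: it decodes the three hex `content` patterns, compiles the plain-text `pcre`, and compares their verdicts on sample payloads. The function names and the sample payloads (including their framing bytes) are constructed for illustration, not captured traffic.

```python
import re

# Signature strings copied from the post above (Snort-style rule options).
CONTENT_RULES = [
    'content:"|4d 61 73 74 65 72 2d 36 2d 4f|";',
    'content:"|4d 61 73 74 65 72 2d 34 2d 4f|";',
    'content:"|4d 61 73 74 65 72 2d 33 2d 4f|";',
]
PCRE_RULE = 'pcre:"/Master-(6|4|3)-O/";'


def decode_content(rule: str) -> bytes:
    """Turn content:"text|hex bytes|text" into the raw bytes it matches."""
    body = re.fullmatch(r'content:"(.*)";', rule.strip()).group(1)
    out = bytearray()
    # Segments at odd positions between pipes are hex; the rest are literal text.
    for i, part in enumerate(body.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def compile_pcre(rule: str) -> re.Pattern:
    """Compile the /.../ body of a flag-less pcre option as a bytes regex."""
    body = re.fullmatch(r'pcre:"/(.*)/";', rule.strip()).group(1)
    return re.compile(body.encode("latin-1"))


def verdicts(payload: bytes) -> tuple[bool, bool]:
    """Return (content_hit, pcre_hit) for one UDP payload."""
    content_hit = any(decode_content(r) in payload for r in CONTENT_RULES)
    pcre_hit = compile_pcre(PCRE_RULE).search(payload) is not None
    return content_hit, pcre_hit


# Constructed payloads: only the "Master-N-O" substring comes from the post.
SAMPLES = {
    "digit 6": b"\x00\x01Master-6-O\x00\xff",
    "digit 3": b"\x08\x00\x00Master-3-O",
    "unlisted digit 5": b"\x00\x01Master-5-O\x00",
    "lower case": b"\x00\x01master-6-o\x00",
    "unrelated payload": b"\x12\x34\x01\x00\x00\x01\x07example\x03com\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        content_hit, pcre_hit = verdicts(data)
        print(f"{name:18} content={content_hit!s:5} pcre={pcre_hit}")
```

The two forms agree on every sample, and a payload carrying a digit other than 6, 4 or 3 passes both, so the signature only covers the three strings listed in the post.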

  • Thanks Prism,

    This is helpful - I was unsure if you could do custom categories via the IPS.

    I will suss out the Steam version and see if I can't find it.
