We run a fairly large network at a school of roughly 2000 users.
We have been having students playing Among Us on the network lately.
I am trying to figure out a way to block the traffic - I have traced the network traffic down (at least for US servers) to a members.linode.com server string.
I have tried the following ways of blocking traffic with no success:
- Added to blocked category on rule for specific users
- Added to blocked web URL group
- Blocked at Netspace Proxy level
The traffic still gets through.
I am wondering if anyone has had success blocking traffic for this game or tried blocking it via Application Control. We currently don't use it widely but I have blocked a few categories for students (e.g. gaming, proxy VPN, etc.).
Any help would be appreciated.
I've managed to block Among Us on both Android/iOS with a custom IPS signature. I didn't test it with the Steam version since I don't have it, but I believe it will also work.
While playing Among Us Online, it will establish a connection to the servers through UDP over a high port. (Such as 22023.)
You will have to create a custom IPS signature such as this one: (If you need help on this, look at this document from Sophos.)
Here's the Custom rule content:
Edit: Here are the three signatures I've found, you can use any of them to block Among Us.
Or you can play up with PCRE and do something like:
Example in plain-text:
After it you can apply on an IPS policy:
Here's how it should look for the user after creating and applying the custom IPS signature on the traffic.
And here's how it looks on the Log Viewer.
Have had no luck locating the SID for the Steam version.
Struggling to even find the traffic on XG.
Any tips on locating the traffic reliably?
You can do a pcap with Wireshark on your computer while running the Steam version of the game. This is the easiest method.
Also if you want to, you can send me the pcap later through a private message. (Please do at least 3-4 packet captures, this is extremely helpful when trying to find signatures over the traffic.)
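One way to compare several captures when looking for bytes a custom IPS signature could match, as an added example that is not from any poster in this thread: it pulls the UDP payloads on the game port out of each capture and reports the prefix they share. It assumes captures saved in classic pcap format (not pcapng) with Ethernet/IPv4 framing; the payload bytes, addresses and helper names are constructed for illustration and are not real Among Us traffic.

```python
import struct

def udp_payloads(pcap, port):
    """Yield UDP payloads to/from `port` in a classic little-endian pcap (Ethernet + IPv4)."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a classic little-endian pcap, not pcapng")
    off = 24                                        # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                # not IPv4 carrying UDP
        udp = 14 + (frame[14] & 0x0F) * 4           # honour the IP header length
        if len(frame) < udp + 8:
            continue
        sport, dport, ulen = struct.unpack_from("!HHH", frame, udp)
        if port in (sport, dport):
            yield frame[udp + 8:udp + ulen]

def common_prefix(payloads):
    """Longest byte prefix shared by every payload: a candidate for signature content."""
    payloads = list(payloads)
    n = 0
    for column in zip(*payloads):
        if len(set(column)) != 1:
            break
        n += 1
    return payloads[0][:n] if payloads else b""

def make_pcap(payloads, dport=22023):
    """Build a constructed capture: one client -> server UDP packet per payload."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in payloads:
        udp = struct.pack("!HHHH", 50000, dport, 8 + len(p), 0) + p
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])) + udp
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed payloads standing in for three separate captures of a session start.
CAPTURES = [make_pcap([b"HELO\x01alice", b"data"]), make_pcap([b"HELO\x01bob"]),
            make_pcap([b"HELO\x01carol"])]

def candidate_signature(captures, port=22023):
    """Common prefix of the first matching payload in each capture."""
    return common_prefix(next(udp_payloads(c, port), b"") for c in captures)
```

With real captures, read each file with `open(path, "rb").read()` and pass the list to `candidate_signature`; a short or empty result means the first packets share too little to match on and more captures or a different packet position are needed.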