- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Psiphon Explanation
Can someone explain what this psiphon event is? I've confirmed I don't see an installation of psiphon on the user's computer. the direction is incoming, hopefully something triggered by ads on WSJ.com. I'd like to confirm the computer is not infected with anything.
TriggerUTM App Ctrl Event - Proxy
Log Details:
logver 60 Type utm Sub Type app-ctrl Event Type app-ctrl-all Level information Application ID 32642 authserver Local FSSO Agent Destination IP 13.249.142.119 Source Port 60132 Destination Port 443 Source Interface port3 srcintfrole lan Destination Interface port1 dstintfrole wan Protocol 6 Service HTTPS Direction incoming Application Category Proxy Application Psiphon Action pass Threat Score 10 Threat Level medium Host Name newsletter-images.wsj.com Incident Serial No. 430703357 URL / Message Proxy: Psiphon, Application Risk critical scertcname newsletter-images.wsj.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anyone?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Direction is incoming with relation to Fortigate. You can see it is LAN->WAN so something on the user's computer was destined for port 443 on host. There are open nodes on the psiphon network that doesnt require client software to be loaded. http://booki.flossmanuals.net/circumvention-tools/ch016_using-psiphon2-open-nodes Not sure if this is what you are seeing, but just more info.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd just like to add that since 2.8.2019 I've seen this signature pop up for traffic going to a myriad of websites, coming from a handful of workstations that do not appear to have the psiphon application installed. I'm currently leaning towards a theory that the signature for this application got an update or something and now it's causing false positives, but that's just my theory. I have a ticket opened for it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, we also have exactly the same situation.
Any comments from anyone would be welcome.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So we are now having this same exact problem. Has anyone on this thread figured this out yet?
Thanks everyone!