PFSense and Untangle Question?

I have been using a pfSense box for just over 30 days. I set it up ONLY because of the fact that it has a proxy caching server. The reason is that I am sadly stuck in an area with NO INTERNET ACCESS other than satellite internet and am limited to 10GB a month. I am about 15 days into the billing cycle that the 10GB is based on, and I have noticed that my internet bandwidth is 3/5ths of what it normally is by this point (3.1GB when I am normally above 5GB at this point). So that is working and I want to keep it.

I stumbled upon a service called Untangle while reading a review of an SSD that failed in the guy's Untangle box. Well, I went to find out what Untangle was: another router/firewall router. On the home page of UT it says it has CryptoLocker protection. The main feature is the ability to block the "phone home" request that makes CryptoLocker dangerous but unique and block-able even if anti-virus doesn't pick it up. I listen to Security Now (since someone on these forums told me about it, CHECK THEM OUT) and I have heard of enterprise DNS services that protect from CL, but never heard of anything consumer that blocked like this.

 

Question:

1.  Does pfSense have a feature similar to Untangle's ability to block the "phone home" request of CryptoLocker?

2.  Does the Untangle Lite Package have the ability to block the "phone home" request of CryptoLocker? I have looked around a little in the packages included in the Lite edition and haven't been able to confirm or deny.

https://www.untangle.com/store/lite-package.html

 

A link to a small PDF made by Untangle about CryptoLocker. It may work; if not, it can be accessed from the Untangle web home page, but this should keep you from needing an email address. http://storage.pardot.com/2902/77700/cryptolocker.pdf

 

Well, the phone home request is a message going back to certain servers. You can just deny access to those servers from within the pfSense firewall.

As for the Untangle Lite, I have no idea. I moved away from Untangle many years ago due to the fact it became bloated and slow.

Try the Snort package in pfSense.

@zanginator

One does not simply . . . . block CryptoLocker servers. Each time CryptoLocker generates a list of addresses to contact, it generates multiple thousands. I am not adding multiple thousands for each day of the year to the block list. Also, with each CryptoLocker update there are new lists for each day, so that multiplies very quickly.

What can be done is the firewall or DNS service can detect the specific way that CryptoLocker "phones home" and block that computer from accessing the internet (as I understand it), thus giving notifications and time to secure that computer before it destroys your life or wallet.

 

@Dexter Kane

I will look into Snort tonight, when my 10GB limited satellite is unlimited for a few hours.

1 Like
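
An added example, not part of the thread and not how pfSense, Snort or Untangle implement it: the idea in the last reply of detecting the phone-home pattern instead of listing servers, shown as a check for bursts of failed lookups for random-looking names from one client. The log format, addresses, domain names and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "<epoch> <client> <qname> <rcode>".
# The format, addresses and names are made up for this example.
SAMPLE_LOG = """\
1000 192.168.1.10 www.example.com NOERROR
1002 192.168.1.10 gogle.example NXDOMAIN
1005 192.168.1.23 xkqjvhzwplrmtd.example NXDOMAIN
1006 192.168.1.23 qwzpfrmxkvbtjh.example NXDOMAIN
1007 192.168.1.23 ldkqvzxnwpgrmy.example NXDOMAIN
1008 192.168.1.23 tjhxqkzvwmrpbn.example NXDOMAIN
1009 192.168.1.23 vbnzmqxkwjrtph.example NXDOMAIN
1011 192.168.1.10 mail.example.net NOERROR
1012 192.168.1.23 pgrxwkzqvjmhtd.example NXDOMAIN
"""

def label_entropy(qname):
    """Shannon entropy (bits per character) of the leftmost DNS label."""
    label = qname.split(".")[0].lower()
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def suspect_clients(log_text, window=60, min_names=5, min_entropy=3.0):
    """Return {client: [names]} for clients that reach min_names distinct
    random-looking NXDOMAIN lookups inside a `window`-second span."""
    failures = defaultdict(list)  # client -> [(timestamp, qname)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, qname, rcode = parts
        if rcode == "NXDOMAIN" and label_entropy(qname) >= min_entropy:
            failures[client].append((int(ts), qname))
    flagged = {}
    for client, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            names = {q for _, q in events[start:end + 1]}
            if len(names) >= min_names:
                flagged[client] = sorted(names)  # first window that hits the threshold
                break
    return flagged

if __name__ == "__main__":
    print(suspect_clients(SAMPLE_LOG))
```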