0779hjj posted on 2004-12-10 11:08:21

QQ can log in over several ports, e.g. destination ports UDP:8000, TCP:80 and TCP:443, and there are also quite a few server IPs:
218.17.209.23, 202.104.193.11, 202.104.193.12, 202.104.193.20, 218.18.95.153, 218.18.95.165, 218.85.138.70, 219.133.38.230

Approach to blocking QQ:
1. First block UDP:8000
2. Block the server IPs above

What I did:
1. ip firewall> add name="drop qq"
2. ip firewall rule "drop qq"
   add dst-address=:8000 protocol=udp action=drop comment="" disabled=no
   add dst-address=218.17.209.23/32 action=drop comment="" disabled=no
   add dst-address=202.104.193.20/32 action=drop comment="" disabled=no
   add dst-address=202.104.193.11/32 action=drop comment="" disabled=no
   add dst-address=202.104.193.12/32 action=drop comment="" disabled=no
   add dst-address=218.18.95.153/32 action=drop comment="" disabled=no
   add dst-address=218.85.138.70/32 action=drop comment="" disabled=no
   add dst-address=219.133.38.230/32 action=drop comment="" disabled=no
   add dst-address=218.18.95.165/32 action=drop comment="" disabled=no
3. ip firewall rule forward
   add src-address=(IP to be blocked from QQ)/32 action=jump jump-target="drop qq" comment="" disabled=no

gaji posted on 2004-12-10 11:29:08

I don't want to block QQ, but I do want to block QQ games. What should I do?

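parphy posted on 2004-12-10 11:53:07

The top post has it right. I used to think QQ only used ports 4000 and 8000. Blocking them didn't work, which puzzled me, so I ran NETSTAT -AN and, sure enough, there was a port 80 connection pointing squarely at a QQ server. Only then did it hit me: in the early days Tencent opened its HTTP proxy only to premium users, and now it seems ordinary users have this feature too. That is exactly why, after blocking only 4000 and 8000, login gets slower but still works! When 8000 is unreachable it looks for the HTTP proxy, and QQ seems to have a memory: if it got in through the HTTP proxy last time, this time it doesn't bother with 8000 and tries HTTP first. Sigh, I've fallen behind again; I need to push myself to study harder!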

0779hjj posted on 2004-12-10 12:12:08

QUOTE (gaji @ Dec 10 2004, 11:29 AM)
I don't want to block QQ, but I do want to block QQ games. What should I do?
Find the IPs of the QQ game servers and block them.

fengqix posted on 2004-12-10 15:14:26

This method doesn't work! Everyone try it first!

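0779hjj posted on 2004-12-10 17:12:47

QUOTE (fengqix @ Dec 10 2004, 03:14 PM)
This method doesn't work! Everyone try it first!
I only posted this after I had it working and had tested QQ all the way to the "login timed out" message. It is meant as a reference only; copying it wholesale may not work. If you have a better method, please share it. You people from 网大 have come in here and posted quite a lot, but I haven't seen anything of substance come out of it.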

dccall posted on 2004-12-10 17:26:56

Don't forget that QQ supports proxies! Are you going to block all of those too?

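hzkane posted on 2004-12-10 17:39:11

Following the official firewall setup, I managed to restrict one particular IP from using QQ.. it works very well. First create a chain called VIRUS under IP-->FIREWALL-->FILTER CHAINS, then create a rule under virus that blocks UDP ports 4000-8000 for that IP. That's all.. Of course you also need to create a rule under FORWARD:
add dst-address=:protocol=all action=jump jump-target=virus comment="" disabled=no
I worked this out from the configuration on the official site..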

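0779hjj posted on 2004-12-10 17:42:32

QUOTE (dccall @ Dec 10 2004, 05:26 PM)
Don't forget that QQ supports proxies! Are you going to block all of those too?
If you really want to block QQ that thoroughly, then the only option is to block the proxy ports as well. Of course there will still be other ways to get onto QQ; each specific method calls for its own specific measure. "The laws of a country are always being amended, yet they can never be made completely airtight."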

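lzbnet posted on 2004-12-10 19:36:27

QUOTE (fengqix @ Dec 10 2004, 03:14 PM)
This method doesn't work! Everyone try it first!
All talk and no action; I don't see anything of substance being posted. Technical exchange has to wait for the right moment??? Then we might as well wait ten years and discuss today's technology then.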

JJkafei posted on 2004-12-13 13:14:07

I have finally found the ideal way to block QQ and similar chat software.

zyling posted on 2004-12-13 13:56:35

Don't keep the technique to yourself; tell us about it so we can all dig into it together.

JJkafei posted on 2004-12-13 14:44:26

/ ip firewall src-nat
add dst-address=192.168.0.254/32:53 protocol=udp action=masquerade comment="" disabled=no
add dst-address=10.0.0.138/32:53 protocol=udp action=masquerade comment="" disabled=no
add dst-address=140.117.11.1/32:53 protocol=udp action=masquerade comment="" disabled=no
add src-address=192.168.0.0/24 dst-address=:80 protocol=tcp action=masquerade comment="" disabled=no
add src-address=10.0.10.0/24 dst-address=:80 protocol=tcp action=masquerade comment="" disabled=no
add src-address=10.0.5.0/24 dst-address=:80 protocol=tcp action=masquerade comment="" disabled=no
add src-address=192.168.0.7/32 action=masquerade comment="" disabled=yes
add src-address=192.168.0.11/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.12/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.13/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.14/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.15/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.16/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.17/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.18/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.19/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.20/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.21/32 action=masquerade comment="" disabled=no
add src-address=192.168.0.31/32 dst-address=:110 protocol=tcp action=masquerade comment="" disabled=no
add src-address=192.168.0.32/32 dst-address=:110 protocol=tcp action=masquerade comment="" disabled=no
add src-address=192.168.0.33/32 dst-address=:110 protocol=tcp action=masquerade comment="" disabled=no
add src-address=192.168.0.34/32 dst-address=:110 protocol=tcp action=masquerade comment="" disabled=no

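sblive posted on 2004-12-13 16:23:58

It's simple: use ROS content filtering. What QQ sends when it shakes hands with the server always contains keywords, so in the firewall, under CONTENT in ADVANCED, fill in TENCENT.COM and QQ and then try DROP. I thought of this while looking at the content filtering in ISA2004; I haven't tried it yet. Heh.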

JJkafei posted on 2004-12-13 16:28:12

QUOTE (sblive @ Dec 13 2004, 04:23 PM)
It's simple: use ROS content filtering. What QQ sends when it shakes hands with the server always contains keywords, so in the firewall, under CONTENT in ADVANCED, fill in TENCENT.COM and QQ and then try DROP. I thought of this while looking at the content filtering in ISA2004; I haven't tried it yet. Heh.
Yes.
/ ip firewall rule qq
add dst-address=:8000 protocol=udp action=drop comment="" disabled=no
add dst-address=:8000 protocol=tcp action=drop comment="" disabled=no
add dst-address=202.96.170.163/32 action=drop comment="" disabled=no
add dst-address=218.17.209.23/32 action=drop comment="" disabled=no
add dst-address=202.104.193.20/32 action=drop comment="" disabled=no
add dst-address=202.104.193.11/32 action=drop comment="" disabled=no
add dst-address=202.104.193.12/32 action=drop comment="" disabled=no
add dst-address=218.18.95.153/32 action=drop comment="" disabled=no
add dst-address=218.85.138.70/32 action=drop comment="" disabled=no
add dst-address=219.133.38.0/24 action=drop comment="" disabled=no
add dst-address=218.18.95.165/32 action=drop comment="" disabled=no
add dst-address=218.18.95.220/32 action=drop comment="" disabled=no
add dst-address=220.133.40.0/24 action=drop comment="" disabled=no
add content=sz.tencent.com action=reject comment="" disabled=no
add content=sz2.tencent.com action=reject comment="" disabled=no
add content=sz3.tencent.com action=reject comment="" disabled=no
add content=sz4.tencent.com action=reject comment="" disabled=no
add content=sz5.tencent.com action=reject comment="" disabled=no
add content=sz6.tencent.com action=reject comment="" disabled=no
add content=sz7.tencent.com action=reject comment="" disabled=no
add content=sz8.tencent.com action=reject comment="" disabled=no
add content=tcpconn.tencent.com action=reject comment="" disabled=no
add content=tcpconn2.tencent.com action=reject comment="" disabled=no
add content=tcpconn3.tencent.com action=reject comment="" disabled=no
add content=tcpconn4.tencent.com action=reject comment="" disabled=no
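
Added example, not part of any post in this thread: a small Python model of first-match evaluation over rules written in the syntax posted above, run on constructed flows. It shows why the UDP 8000 rule alone leaves the TCP 80 login path open and what the address and content rules add. The evaluator, the flows and the 192.0.2.x addresses are illustrative assumptions, not RouterOS code.

```python
import ipaddress

# Constructed subset of the rules posted in the thread (RouterOS 2.x syntax).
PORT_ONLY = ['add dst-address=:8000 protocol=udp action=drop']
FULL = PORT_ONLY + [
    'add dst-address=218.17.209.23/32 action=drop',
    'add content=tcpconn.tencent.com action=reject',
]
# Constructed flows; 192.0.2.x are documentation addresses, not real hosts.
FLOWS = [
    {'dst': '218.17.209.23', 'dport': 8000, 'proto': 'udp', 'payload': b''},
    {'dst': '218.17.209.23', 'dport': 80, 'proto': 'tcp', 'payload': b''},
    {'dst': '192.0.2.10', 'dport': 8080, 'proto': 'tcp',
     'payload': b'CONNECT tcpconn.tencent.com:443 HTTP/1.1\r\n'},
    {'dst': '192.0.2.20', 'dport': 80, 'proto': 'tcp',
     'payload': b'GET / HTTP/1.1\r\nHost: example.org\r\n'},
]

def parse_rule(line):
    """Turn 'add key=value ...' into a dict; split dst-address into net and port."""
    rule = dict(tok.split('=', 1) for tok in line.split()[1:])
    net, _, port = rule.pop('dst-address', ':').partition(':')
    rule['net'] = ipaddress.ip_network(net) if net else None
    rule['port'] = int(port) if port else None
    return rule

def matches(rule, flow):
    """A rule matches only if every condition it states holds for the flow."""
    if rule['net'] is not None and ipaddress.ip_address(flow['dst']) not in rule['net']:
        return False
    if rule['port'] is not None and rule['port'] != flow['dport']:
        return False
    if rule.get('protocol', flow['proto']) != flow['proto']:
        return False
    return rule.get('content', '').encode() in flow['payload']

def verdict(rules, flow):
    """First matching rule decides; no match means the chain accepts the flow."""
    for rule in map(parse_rule, rules):
        if matches(rule, flow):
            return rule['action']
    return 'accept'

def coverage(rules):
    """Verdict for each constructed flow, in FLOWS order."""
    return [verdict(rules, flow) for flow in FLOWS]

if __name__ == '__main__':
    for name, rules in (('port only', PORT_ONLY), ('full', FULL)):
        print(name, coverage(rules))
```

The last flow is ordinary web traffic and stays accepted under both rule sets, which is the check to repeat whenever address or content rules are added.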
View full version: How to block QQ