禁用QQ的办法

0779hjj

QQ可用登录的端口，如目标端口UDP：8000TCP:80TCP:443而服务器的IP也有好几个：218.17.209.23202.104.193.11202.104.193.12202.104.193.20218.18.95.153218.18.95.165218.85.138.70219.133.38.230禁用QQ思路：1、首先禁UDP：80002、禁以上服务器IP我的作法：1、ip firewall>     add name=drop qq2、ip firewall rule drop qq add dst-address=:8000 protocol=udp action=drop comment="" disabled=no add dst-address=218.17.209.23/32 action=drop comment="" disabled=no add dst-address=202.104.193.20/32 action=drop comment="" disabled=no add dst-address=202.104.193.11/32 action=drop comment="" disabled=no add dst-address=202.104.193.12/32 action=drop comment="" disabled=no add dst-address=218.18.95.153/32 action=drop comment="" disabled=no add dst-address=218.85.138.70/32 action=drop comment="" disabled=no add dst-address=219.133.38.230/32 action=drop comment="" disabled=no add dst-address=218.18.95.165/32 action=drop comment="" disabled=no3、ip firewall rule forward add src-address=(要禁QQ的IP)/32 action=jump jump-target="drop qq" comment=""  disabled=no

gaji

我不想禁止QQ，但要禁止QQ游戏怎么办？

parphy

楼顶的正解。本来以为QQ只用4000和8000端口。封了竟然不管用，自己也觉得奇怪用NETSTAT -AN 一看果然还用80端口的赫然指向QQ服务器。这才猛然想起来，早期腾迅只给高级用户开放了HTTP代理，现在看来给普通用户也开放了这个功能。这也正是为什么只封了4000和8000以后登陆变慢而依然可以上的原因了！8000上不了就找HTTP代理，而且QQ似乎有记忆功能，上一次用HTTP代理上的这次干脆先不找8000，先试HTTP了。唉，又一次落伍了，督促自己加紧学习吧！

0779hjj

QUOTE (gaji @ Dec 10 2004, 11:29 AM)
我不想禁止QQ，但要禁止QQ游戏怎么办？  
  找出QQ游戏服务器的IP,禁了它

fengqix

此方法无效！大家先试吧！

0779hjj

QUOTE (fengqix @ Dec 10 2004, 03:14 PM)
此方法无效！大家先试吧！
我是做成功后，测试QQ一直到提示“登录超时”才发这个文章的，只是作为参考，全照般s可能不行。如果你有更好的方法，请共享出来，你们网大的进来也发了不少贴了，可是没见到有实质的东西出来。

dccall

别忘了QQ是支持代理的！把它们也全封了？

hzkane

参考官方防火墙设置,我是把某个ip限制上qq设置成功了..很管用.先在IP-->FIREWALL-->FILTER CHAINS下建立一个VIRUS,然后再virus下建立一条规则.封闭某个ip的4000-8000的UDP端口.就行了..当然还要在FORWARD下建立一条规则.add dst-address=:protocol=all action=jump jump target=virus comment="" disabled=no 这是我根据官方站点的配置想出来的..

0779hjj

QUOTE (dccall @ Dec 10 2004, 05:26 PM)
别忘了QQ是支持代理的！把它们也全封了？  
  如果真的要这么彻底的封QQ，也只好把代理端口也封了。当然还会有其它方法可以上QQ，具体的方法用具体措施。“国家法律虽然总是在修改，但也不可能完全健全”

lzbnet

QUOTE (fengqix @ Dec 10 2004, 03:14 PM)
此方法无效！大家先试吧！  
  只会说不会做,不见有实质性的东西发表.技术交流还要等时机???那不如十年后再讨论今天的技术好了.

JJkafei

我终于找到.封杀QQ之类的网聊软件的最理想方法了.

zyling

技术别藏着，讲一讲大家共同钻研一下嘛

JJkafei

/ ip firewall src-nat add dst-address=192.168.0.254/32:53 protocol=udp action=masquerade comment="" \    disabled=no add dst-address=10.0.0.138/32:53 protocol=udp action=masquerade comment="" \    disabled=no add dst-address=140.117.11.1/32:53 protocol=udp action=masquerade comment="" \    disabled=no add src-address=192.168.0.0/24 dst-address=:80 protocol=tcp action=masquerade \    comment="" disabled=no add src-address=10.0.10.0/24 dst-address=:80 protocol=tcp action=masquerade \    comment="" disabled=no add src-address=10.0.5.0/24 dst-address=:80 protocol=tcp action=masquerade \    comment="" disabled=no add src-address=192.168.0.7/32 action=masquerade comment="" disabled=yes add src-address=192.168.0.11/32 action=masquerade comment="" disabled=no add src-address=192.168.0.12/32 action=masquerade comment="" disabled=no add src-address=192.168.0.13/32 action=masquerade comment="" disabled=no add src-address=192.168.0.14/32 action=masquerade comment="" disabled=no add src-address=192.168.0.15/32 action=masquerade comment="" disabled=no add src-address=192.168.0.16/32 action=masquerade comment="" disabled=no add src-address=192.168.0.17/32 action=masquerade comment="" disabled=no add src-address=192.168.0.18/32 action=masquerade comment="" disabled=no add src-address=192.168.0.19/32 action=masquerade comment="" disabled=no add src-address=192.168.0.20/32 action=masquerade comment="" disabled=no add src-address=192.168.0.21/32 action=masquerade comment="" disabled=no add src-address=192.168.0.31/32 dst-address=:110 protocol=tcp \    action=masquerade comment="" disabled=no add src-address=192.168.0.32/32 dst-address=:110 protocol=tcp \    action=masquerade comment="" disabled=no add src-address=192.168.0.33/32 dst-address=:110 protocol=tcp \    action=masquerade comment="" disabled=no add src-address=192.168.0.34/32 dst-address=:110 protocol=tcp \    action=masquerade comment="" disabled=no

sblive

很简单，用ROS的内容过滤。因为QQ和服务器握手时发的都有关键字的，在防火墙中的AVANCED中的CONTENT中填写TENCENT。COM和QQ再DROP试试。我要看ISA2004的内容过滤时想到的，我还没试过。呵

JJkafei

QUOTE (sblive @ Dec 13 2004, 04:23 PM)
很简单，用ROS的内容过滤。因为QQ和服务器握手时发的都有关键字的，在防火墙中的AVANCED中的CONTENT中填写TENCENT。COM和QQ再DROP试试。我要看ISA2004的内容过滤时想到的，我还没试过。呵  
  是的./ ip firewall rule qq add dst-address=:8000 protocol=udp action=drop comment="" disabled=no add dst-address=:8000 protocol=tcp action=drop comment="" disabled=no add dst-address=202.96.170.163/32 action=drop comment="" disabled=no add dst-address=218.17.209.23/32 action=drop comment="" disabled=no add dst-address=202.104.193.20/32 action=drop comment="" disabled=no add dst-address=202.104.193.11/32 action=drop comment="" disabled=no add dst-address=202.104.193.12/32 action=drop comment="" disabled=no add dst-address=218.18.95.153/32 action=drop comment="" disabled=no add dst-address=218.85.138.70/32 action=drop comment="" disabled=no add dst-address=219.133.38.0/24 action=drop comment="" disabled=no add dst-address=218.18.95.165/32 action=drop comment="" disabled=no add dst-address=218.18.95.220/32 action=drop comment="" disabled=no add dst-address=220.133.40.0/24 action=drop comment="" disabled=no add content=sz.tencent.com action=reject comment="" disabled=no add content=sz2.tencent.com action=reject comment="" disabled=no add content=sz3.tencent.com action=reject comment="" disabled=no add content=sz4.tencent.com action=reject comment="" disabled=no add content=sz5.tencent.com action=reject comment="" disabled=no add content=sz6.tencent.com action=reject comment="" disabled=no add content=sz7.tencent.com action=reject comment="" disabled=no add content=sz8.tencent.com action=reject comment="" disabled=no add content=tcpconn.tencent.com action=reject comment="" disabled=no add content=tcpconn2.tencent.com action=reject comment="" disabled=no add content=tcpconn3.tencent.com action=reject comment="" disabled=no add content=tcpconn4.tencent.com action=reject comment="" disabled=no