1. How QQ communicates
QQ can log in in three ways: UDP login, TCP login and VIP login. UDP login uses UDP port 8000, TCP login uses TCP port 80, and VIP login uses TCP port 443. To block QQ, the packets of all three login methods must be denied.
Blocking UDP login only requires denying UDP port 8000.
TCP login and VIP login use TCP 80 and TCP 443, the same ports as web services, so they cannot be blocked by port or web browsing would break; instead they can be blocked by denying the IP addresses of the QQ servers.
2. Blocking QQ on the PIX
################### Define the internal hosts that must not reach QQ ##########
object-group network denyqqip
network-object host 192.168.0.149
network-object host 192.168.0.166
Note: any internal host that must be blocked from QQ only needs to be added to this group.
#####################################################
################### Define the QQ ports (UDP) ##########
object-group service qqservice udp
port-object range 8000 8010
port-object range 4000 4009
##########################################
################### Define the QQ servers ##########
object-group network qqserver
network-object host 61.144.238.145
network-object host 61.144.238.146
network-object host 61.144.238.156
network-object host 61.144.238.150
network-object host 202.104.129.251
network-object host 202.104.129.254
network-object host 202.104.129.252
network-object host 202.104.129.253
network-object host 61.141.194.203
network-object host 202.96.170.166
network-object host 218.18.95.221
network-object host 219.133.45.15
network-object host 61.141.194.200
network-object host 61.141.194.224
network-object host 202.96.170.164
network-object host 202.96.170.163
network-object host 219.133.40.216
network-object host 218.18.95.209
network-object host 218.17.209.23
network-object host 218.18.95.153
network-object host 61.141.194.227
network-object host 218.18.95.171
network-object host 202.96.170.165
network-object host 218.17.209.18
network-object host 218.17.209.21
network-object host 218.17.209.22
network-object host 218.18.95.140
network-object host 218.18.95.160
network-object host 218.18.95.165
network-object host 218.18.95.181
network-object host 218.18.95.182
network-object host 218.18.95.183
network-object host 218.18.95.188
network-object host 218.18.95.189
network-object host 218.18.95.227
network-object host 218.133.38.230
network-object host 219.133.38.5
network-object host 219.133.38.43
network-object host 219.133.38.44
network-object host 219.133.38.45
network-object host 219.133.38.47
network-object host 219.133.40.95
network-object host 219.133.40.117
network-object host 219.133.40.201
network-object host 219.133.40.215
network-object host 219.133.41.73
network-object host 219.133.41.75
network-object host 61.141.194.223
network-object host 219.133.49.170
network-object host 218.17.209.42
network-object host 58.60.14.46
network-object host 218.17.209.20
network-object host 219.133.60.173
network-object host 218.18.95.163
network-object host 219.133.40.244
network-object host 219.133.38.39
network-object host 65.54.179.192
network-object host 219.133.38.136
network-object host 219.133.40.58
network-object host 219.133.40.57
network-object host 219.133.40.56
network-object host 218.133.38.29
network-object host 61.144.238.151
network-object host 61.152.93.13
network-object host 202.104.193.32
network-object host 61.144.138.146
network-object host 61.144.194.200
network-object host 61.144.194.223
network-object host 61.144.194.227
network-object host 61.144.194.224
network-object host 61.144.238.140
network-object host 212.133.49.13
network-object host 218.18.95.135
network-object host 218.18.95.166
network-object host 218.18.95.219
network-object host 219.133.38.16
network-object host 219.133.38.18
network-object host 219.133.38.19
network-object host 219.133.38.20
network-object host 219.133.38.21
network-object host 219.133.38.31
network-object host 219.133.38.36
network-object host 219.133.38.66
network-object host 219.133.38.135
network-object host 219.133.38.166
network-object host 219.133.38.176
network-object host 219.133.38.193
network-object host 219.133.38.230
network-object host 219.133.38.232
network-object host 219.133.40.15
network-object host 219.133.40.73
network-object host 219.133.40.96
network-object host 219.133.40.97
network-object host 219.133.40.148
network-object host 219.133.40.156
network-object host 219.133.40.157
network-object host 219.133.40.175
network-object host 219.133.40.245
network-object host 219.133.41.28
network-object host 219.133.49.7
network-object host 219.133.49.8
network-object host 219.133.49.10
network-object host 219.133.49.79
network-object host 219.133.51.66
network-object host 219.133.51.92
network-object host 219.133.51.160
network-object host 219.133.51.161
network-object host 221.104.193.30
network-object host 219.133.60.153
network-object host 58.251.63.79
Note: QQ server IPs discovered later just need to be added to this group.
##########################################
############### Configure the access-list on the PIX inside interface ##############
access-list 109 line 1 deny udp object-group denyqqip any object-group qqservice
Blocks UDP login by denying UDP ports 8000~8010 and 4000~4009. The qqservice group is a UDP service group, so this entry must use udp, not tcp, or it will never match.
access-list 109 line 1 deny tcp object-group denyqqip object-group qqserver
Blocks TCP and VIP login by denying traffic from the listed hosts to the QQ servers (TCP 80 and 443 are the login ports, so the entry is tcp).
access-group 109 in interface inside
Note: both access-list entries use the "line 1" parameter so that the QQ-blocking entries sit at the top of the list. The access-group command binds list 109 inbound on the inside interface (assumed here to be named "inside"); without it the list is defined but not applied.
#############################################################
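To sanity-check the access-list logic before pasting it into a PIX, here is a small evaluator added to this page (not the article's own code and not a Cisco tool). It parses a fragment written in the article's object-group / access-list format, honours "line 1" insertion order, and reports which entry a packet hits first, first match wins as on the PIX. The fragment is constructed from the article's group names and two of its addresses; everything else is assumed for the demo.

```python
# Added example: evaluate PIX-style object-group / access-list entries.
# ARTICLE_CFG is a constructed fragment using the article's group names and
# two of its addresses; it is not a complete PIX configuration.
ARTICLE_CFG = """
object-group network denyqqip
 network-object host 192.168.0.149
object-group service qqservice udp
 port-object range 8000 8010
object-group network qqserver
 network-object host 61.144.238.145
access-list 109 line 1 deny udp object-group denyqqip any object-group qqservice
access-list 109 line 1 deny tcp object-group denyqqip object-group qqserver
"""

def parse_pix(cfg):
    """Return (groups, acl): groups maps a name to host strings or (lo, hi)
    port tuples; acl holds access-list entries in PIX evaluation order."""
    groups, acl, cur = {}, [], None
    for raw in cfg.strip().splitlines():
        t = raw.split()
        if t[0] == "object-group":
            cur, groups[t[2]] = t[2], []
        elif t[0] in ("network-object", "port-object"):
            groups[cur].append(t[2] if t[1] == "host" else (int(t[2]), int(t[3])))
        elif t[0] == "access-list":
            i, line_no = 2, None
            if t[i] == "line":                       # explicit position in the list
                line_no, i = int(t[i + 1]), i + 2
            e, i = {"action": t[i], "proto": t[i + 1]}, i + 2
            for key in ("src", "dst"):               # any | host X | object-group X
                e[key], i = ((t[i + 1], i + 2) if t[i] in ("host", "object-group")
                             else (t[i], i + 1))
            e["svc"] = t[i + 1] if i < len(t) else None   # optional service group
            if line_no:
                acl.insert(line_no - 1, e)           # "line 1" goes to the top
            else:
                acl.append(e)
    return groups, acl

def first_match(groups, acl, proto, src, dst, dport):
    """Action of the first matching entry, or None if no entry matches
    (on a real interface ACL the implicit deny would then apply)."""
    net = lambda op, ip: op == "any" or ip == op or ip in groups.get(op, [])
    svc = lambda op, p: op is None or any(lo <= p <= hi for lo, hi in groups.get(op, []))
    for e in acl:
        if (e["proto"] in (proto, "ip") and net(e["src"], src)
                and net(e["dst"], dst) and svc(e["svc"], dport)):
            return e["action"]
    return None

GROUPS, ACL = parse_pix(ARTICLE_CFG)
```

Swapping the two protocol keywords (as in a mistyped version of the rules) makes the UDP 8000 login packet fall through both entries, which is exactly the error the evaluator is meant to catch.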
3. Summary
Blocking TCP login and VIP login is done by denying the IP addresses of the QQ servers. Tencent will certainly keep adding servers, so as an administrator you have to keep collecting Tencent server IPs; the QQ servers in this document were collected on 13 August 2007.
To check, the administrator takes a machine that is supposed to be blocked and tries to log in to QQ. If the login succeeds, QQ has added a server: open QQ System Settings --> Login Settings --> Current login server, and add the IP shown there to the object-group network qqserver group on the PIX.