我记录

MikroTik ROS layer7-protocol的协议的应用层控制....

jianliulin 发布于 2012/12/11 14:21 浏览: 3650 回复: 0 所在分类:路由

 **********************************************************

/ip firewall layer7-protocol协议方式

一.QQ的签名信息头

:if ([:len [find name=qq]] > 0) do={ :put "already have qq" } else={ add name=qq regexp="^.\?\02.+\03\$" }

就是这个双引号的部分了,其它的大家从楼主的附件中下载,用写字板打开不会乱格式。特征:" ^.\?\02.+\03\$ "

二. pcanywhere的远程控制软件的签名信息

:if ([:len [find name=pcanywhere]] > 0) do={ :put "already have pcanywhere" } else={ add name=pcanywhere regexp="^(nq|st)\$" }

三.RSTP视频点播流的签名信息

:if ([:len [find name=http-rtsp]] > 0) do={ :put "already have http-rtsp" } else={ add name=http-rtsp regexp="^(get[\09-\0D -~]* Accept: application/x-rtsp-tunnelled|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*a=control:rtsp://)" }

秋风落叶扫㊣简单整理于2007-10-06日于广东中山 期待ros3.0加入更多新功能.............

四.citrix终端服务器签名信息

:if ([:len [find name=citrix]] > 0) do={ :put "already have citrix" } else={ add name=citrix regexp="\32\26\85\92\58" }

五. msnmessenger的签名信息

:if ([:len [find name=msnmessenger]] > 0) do={ :put "already have msnmessenger" } else={ add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\09-\0D -~]*cvr0\0D\0A\$|usr 1 [!-~]+ [0-9. ]+\0D\0A\$|ans 1 [!-~]+ [0-9. ]+\0D\0A\$" }

以下是msn的文件传输签名信息

:if ([:len [find name=msn-filetransfer]] > 0) do={ :put "already have msn-filetransfer" } else={ add name=msn-filetransfer regexp="^(ver [ -~]*msnftp\0D\0Aver msnftp\0D\0Ausr|method msnmsgr:)" }

六.VNC远程控制工具的签名信息

:if ([:len [find name=vnc]] > 0) do={ :put "already have vnc" } else={ add name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\0A\$" }

七.yahoo通聊天工具的签名信息

:if ([:len [find name=yahoo]] > 0) do={ :put "already have yahoo" } else={ add name=yahoo regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80" }

八.RDP远程桌面控制的签名信息

:if ([:len [find name=rdp]] > 0) do={ :put "already have rdp" } else={ add name=rdp regexp="rdpdr.*cliprdr.*rdpsnd" }

九.ciscovpn签名信息

:if ([:len [find name=ciscovpn]] > 0) do={ :put "already have ciscovpn" } else={ add name=ciscovpn regexp="^\01\F4\01\F4" }

十.http上网时的80协议签名信息

:if ([:len [find name=http]] > 0) do={ :put "already have http" } else={ add name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*(connection:|content-type:|content-length:|date:)|post [\09-\0D -~]* http/[01]\\.[019]" }

十一.ftp协议签名信息

:if ([:len [find name=ftp]] > 0) do={ :put "already have ftp" } else={ add name=ftp regexp="^220[\09-\0D -~]*ftp" }

十二.edonkey驴子签名信息 ="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\18\19\1A\1B\1C\20\21\32\33\34\35\36\38\40\41\42\43\46\47\48\49\4A\4B\4C\4D\4E\4F\50\51\52\53\54\55\56\57\58[\60\81\82\90\91\93\96\97\98\99\9A\9B\9C\9E\A0\A1\A2\A3\A4]|\59................\?[ -~]|\96....\$)" }

十三.SMTP端口25协议签名信息

:if ([:len [find name=smtp]] > 0) do={ :put "already have smtp" } else={ add name=smtp regexp="^220[\09-\0D -~]* (e\?smtp|simple mail)" }

秋风落叶扫㊣简单整理于2007-10-06日于广东中山 期待ros3.0加入更多新功能.............

:if ([:len [find name=edonkey]] > 0) do={ :put "already have edonkey" } else={ add name=edonkey regexp

十四.POP3端口110协议签名信息

:if ([:len [find name=pop3]] > 0) do={ :put "already have pop3" } else={ add name=pop3 regexp="^([url=file://+ok/]\\+ok[/url] |-err )" }

:if ([:len [find name=ssh]] > 0) do={ :put "already have ssh" } else={ add name=ssh regexp="^ssh-[12]\\.[0-9]" }

十五.SSH的签名信息

-------------------------------------------------------------

What's new in 3.0rc6:

*) RIP - fixed some problems;

*) RIP - automatically distribute connected routes

falling within range of some configured network;

*) RIPng - network configuration statements removed,

interface configuration now is mandatory;

*) added support for IPv6 Firewall in WinBox;

*) added support for IPv6 DNS cache in WinBox;

*) added support for MME routing protocol in WinBox;

*) added support for L7 matcher in WinBox;

*) added support for Prolific 2303 based USB serial devices;

*) specify tcp-mss in dynamicly added PPP mangle rules & do not add

them when mtu is bigger then 1500;

*) fixed USB UPS detection;

*) fixed bug - PPTP client did not work with Windows PPTP server;

*) limited number of active authentication sessions for PPPoE server

to not overload RADIUS server;

*) fixed bug - ssh command did not work on RB333;

*) added support for Intel EXPI9404PT PCI-E ethernet adpater;

*) added simple SNTP client to system package

& removed regular ntp from bundle package;

*) updated timezone information;

*********************************************************

jianliulin2012/12/11 14:21

留下脚印

踩一脚
copyright © jianliulin 的空间 2010-2014
Powered by 我记录2.0
Processed in 0 seconds, 0 queries