Blocking pattern matching

Posted: Thu Jun 18, 2009 8:57 pm
by pokeman
Hi there

Should I block this from L7 pattern matching? Using MT 3.23


Re: Blocking pattern matching

Posted: Fri Jun 19, 2009 3:40 am
by Chupaka
What's this?..

Re: Blocking pattern matching

Posted: Fri Jun 19, 2009 8:35 am
by pokeman
This data is a grep from the packet sniffer. The destination is and packet UDP

Re: Blocking pattern matching

Posted: Fri Jun 19, 2009 2:44 pm
by Chupaka
But why do you need to block that? What's this packet of? Does it not change its contents? Because it seems like an encrypted one...