 
RaymondMeg
just joined
Topic Author
Posts: 4
Joined: Mon Aug 26, 2013 8:51 pm

Need L7-Filter Help

Sat Sep 07, 2013 6:12 pm

Hi, guys:

In China, we have an IM software named "QQ". The login protocol is private, but a well-known detail is:

A: UDP QQ login protocol:

0x02 (first byte, fixed) - 2 bytes (application version) - 2 bytes (command sent to server) - 2 bytes (sequence) - 4 bytes (QQ number: big-endian, for example QQ number 342704420 is 146D4124)

B: TCP QQ login protocol: adds a 2-byte packet length to the UDP protocol, such as:

2 bytes (packet length) - 0x02 (fixed) - 2 bytes (application version) - 2 bytes (command sent to server) - 2 bytes (sequence) - 4 bytes (QQ number: big-endian, for example QQ number 342704420 is 146D4124)

I want to permit a special QQ number and forbid others. So I wrote 2 Layer 7 rules:
name: QQ342704420 regex : ^(\x02|.?.?\x02).?.?.?.?.?.?\x14\x6d\x41\$..+\x03$
name: QQTCPUDP regex : ^(\x02|.?.?\x02).?..?..?..?..?..?..?.?.?.?.?.?.?.?.+\x03$

I also have 2 filter rules in the forward chain:

index 2 filter rule: permit QQ342704420: if l7-protocol is QQ342704420 then accept.
index 3 filter rule: forbid other QQ: if l7-protocol is QQTCPUDP then drop.

But "index 3 filter rule: forbid other QQ" always matched.

Is there anything wrong with my L7 rule?

Raymond
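
The header layout and the two patterns from the post above, exercised offline as an added example that is not part of the original thread. Python's `re` on bytes stands in for the router's Layer 7 matcher (an assumption; the engines are not identical), the trailing 0x03 is inferred from the `\x03$` in both patterns, and the version, command, sequence, body and second QQ number are constructed values.

```python
import re
import struct

# The two Layer 7 patterns from the post, as Python bytes patterns.
# DOTALL makes "." match every byte value, including 0x0a, in this stand-in.
PERMIT = re.compile(rb"^(\x02|.?.?\x02).?.?.?.?.?.?\x14\x6d\x41\$..+\x03$", re.DOTALL)
GENERIC = re.compile(
    rb"^(\x02|.?.?\x02).?..?..?..?..?..?..?.?.?.?.?.?.?.?.+\x03$", re.DOTALL)


def qq_header(number, version=0x1234, command=0x0022, seq=0x5A5A):
    """0x02, version, command, sequence, QQ number (big-endian), as in the post.
    The version, command and sequence defaults are constructed values."""
    return struct.pack(">BHHHI", 0x02, version, command, seq, number)


def udp_payload(number, body=b"\xaa" * 16):
    # Constructed body; the trailing 0x03 is assumed from the patterns' "\x03$".
    return qq_header(number) + body + b"\x03"


def tcp_payload(number, body=b"\xaa" * 16):
    inner = udp_payload(number, body)
    # Assumption: the 2-byte length counts the whole packet, itself included.
    return struct.pack(">H", len(inner) + 2) + inner


def classify(payload):
    """Report which of the two rule names would match this payload."""
    return {"QQ342704420": bool(PERMIT.search(payload)),
            "QQTCPUDP": bool(GENERIC.search(payload))}


if __name__ == "__main__":
    for label, build in (("udp", udp_payload), ("tcp", tcp_payload)):
        for number in (342704420, 10001):  # 10001 is a constructed "other" number
            print(label, number, classify(build(number)))
```

On these constructed packets QQTCPUDP matches every number, including the permitted one, while QQ342704420 matches only 342704420.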
 
prince90s
just joined
Posts: 22
Joined: Sun Jan 23, 2011 9:44 pm

Re: Need L7-Filter Help

Mon Sep 09, 2013 5:46 am

Try it like this:
1. First take the other QQ offline, then log in again.
2. Disable the first rule.
 
RaymondMeg
just joined
Topic Author
Posts: 4
Joined: Mon Aug 26, 2013 8:51 pm

Re: Need L7-Filter Help

Mon Sep 09, 2013 7:11 am

Try it like this:
1. First take the other QQ offline, then log in again.
2. Disable the first rule.
Yes, it will work, and it will take all QQ clients offline.

But I want to permit a special QQ number and forbid others.
