Course: | DissenyXarxesLinux, |
Files: | There are no files |
SVN repository: | http://svn.projectes.lafarga.cat/svn/iceupc/DissenyXarxaLocalLinux |
User: | anonymous |
Password: | no password |
Authors: | Sergi Tur Badenas |
Domains
torproject.org tor.softonic.com
Websites to filter:
http://www.torproject.org/index.html.es
Keywords:
tor privoxy torbutton vidalia
It seems that, with the same solution used for #ultrasurf, the Tor network does not work either (at least with the default configuration for Windows).
This is what the IPCOP log shows:
Ultrasurf notes https://docs.google.com/a/guifidocencia.sourceforge.net/document/pub?id=1KBmsOpeJly2TXM60B7a30zy07R0-0rcfv45FJroROpw
It is a Windows-only tool that makes it possible to bypass a proxy by using anonymous proxies. It is made by the company ultrareach and, as you can read at http://www.ultrareach.com/background_en.htm, in theory it was created to get around the great "wall" (firewall) of China. In Chinese the application is called wujie.
You can find it at:
http://www.ultrareach.com/
Several websites offer ideas on how to filter this tool (see the resources section).
The first step is to filter the ultrareach download pages at the proxy. A possible list:
ultrareach.com ultrasurf.softonic.com geomundos.com/descargas/ultrasurf* wujie.net
URLs:
http://ultra1/ultrasurf.htm http://www.wujie.net/downloads/ultrasurf/u.zip http://www.internetfreedom.org/UltraSurf http://www.softonic.com/windows/seguridad-y-control-de-acceso gratis.portalprogramas.com/UltraSurf.html
You can even deny every page whose URL contains ultrasurf, or at least the Google searches:
Keywords
ultrasurf wujie q=ultrasurf
Even so, nobody can prevent users from bringing the program in on a USB stick.
To block it we have two options. The first is to use the user agent. ultrasurf does not identify itself with any user-agent, so we can allow Internet access only to a specific list of user-agents.
With IPCOP this is done quickly by going to Servicios>Advanced Proxy and enabling the
See the article on IPCOP to learn how to install Advanced Proxy.
With this, Firefox, Internet Explorer and other browsers can access the proxy, but ultrasurf cannot.
The squid configuration is as follows:
$ cat /etc/squid/squid.conf
# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface!
#
# Instead, modify the file '/var/ipcop/proxy/advanced/acls/include.acl' and
# then restart the proxy service using the web interface. Changes made to the
# 'include.acl' file will propagate to the 'squid.conf' file at that time.
shutdown_lifetime 5 seconds
icp_port 0
http_port 192.168.1.50:800 transparent
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_effective_user squid
cache_effective_group squid
umask 022
pid_filename /var/run/squid.pid
cache_mem 2 MB
cache_dir aufs /var/log/cache 50 16 256
error_directory /usr/lib/squid/advproxy/errors.ipcop/English
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
useragent_log /var/log/squid/user_agent.log
strip_query_terms off
log_mime_hdrs off
forwarded_for off
via off
acl with_allowed_useragents browser (AOL)|(avantbrowser)|(Firefox)|(FrontPage)|(Gecko)|(GetRight)|(Go!Zilla)|(kh_lt\/LT)|(Google\sToolbar)|(MSIE.*[)]$)|(Java)|(Konqueror)|(Lynx)|(Windows\-Media\-Player)|(NSPlayer)|(^Mozilla\/4.[7|8])|(Netscape)|(Opera)|(LegitCheck)|(Wget)|(Industry\sUpdate\sControl)|(Windows\sUpdate)|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)|(Microsoft\sBITS)|(APT\-HTTP)
acl within_timeframe time MTWHFAS 00:00-24:00
acl blocked_mimetypes rep_mime_type "/var/ipcop/proxy/advanced/mimetypes"
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 800 # Squids port (for icons)
acl IPCop_http port 81
acl IPCop_https port 445
acl IPCop_ips dst 192.168.1.50
acl IPCop_networks src "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_servers dst "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_green_network src 192.168.1.0/255.255.255.0
acl IPCop_green_servers dst 192.168.1.0/255.255.255.0
acl CONNECT method CONNECT
#Access to squid:
#local machine, no restriction
http_access allow localhost
#GUI admin if local machine connects
http_access allow IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
#Deny not web services
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Set custom configured ACLs
http_access allow IPCop_networks within_timeframe with_allowed_useragents
http_access deny all
#Strip HTTP Header
header_access X-Forwarded-For deny all
header_access Via deny all
http_reply_access deny blocked_mimetypes
http_reply_access allow all
maximum_object_size 4096 KB
minimum_object_size 0 KB
request_body_max_size 0 KB
reply_body_max_size 0 allow all
visible_hostname ipcop.localdomain
url_rewrite_program /usr/sbin/redirect_wrapper
url_rewrite_children 10
The most important lines are:
useragent_log /var/log/squid/user_agent.log
acl with_allowed_useragents browser (AOL)|(avantbrowser)|(Firefox)|(FrontPage)|(Gecko)|(GetRight)|(Go!Zilla)|(kh_lt\/LT)|(Google\sToolbar)|(MSIE.*[)]$)|(Java)|(Konqueror)|(Lynx)|(Windows\-Media\-Player)|(NSPlayer)|(^Mozilla\/4.[7|8])|(Netscape)|(Opera)|(LegitCheck)|(Wget)|(Industry\sUpdate\sControl)|(Windows\sUpdate)|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)|(Microsoft\sBITS)|(APT\-HTTP)
http_access allow IPCop_networks within_timeframe with_allowed_useragents
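Squid evaluates http_access lines in order and the first line whose ACLs all match decides the request, so a request without a User-Agent falls through to "deny all". The following is an added example, not IPCOP or Squid code: it replays the page's rules in Python, with Python's re standing in for Squid's regex engine, the helper names decide and request being hypothetical, the two IPCop GUI rules left out, and 192.168.1.0/24 assumed to be the content of src_subnets.acl.

```python
import ipaddress
import re

# Pattern copied from the page's `acl with_allowed_useragents browser ...` line.
# Python's re stands in for Squid's regex engine (an approximation).
ALLOWED_UA = re.compile(
    r"(AOL)|(avantbrowser)|(Firefox)|(FrontPage)|(Gecko)|(GetRight)|(Go!Zilla)"
    r"|(kh_lt\/LT)|(Google\sToolbar)|(MSIE.*[)]$)|(Java)|(Konqueror)|(Lynx)"
    r"|(Windows\-Media\-Player)|(NSPlayer)|(^Mozilla\/4.[7|8])|(Netscape)|(Opera)"
    r"|(LegitCheck)|(Wget)|(Industry\sUpdate\sControl)|(Windows\sUpdate)"
    r"|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)"
    r"|(Microsoft\sBITS)|(APT\-HTTP)"
)

SSL_PORTS = {443, 563}
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777, 800}
# Assumption: src_subnets.acl (not shown on the page) lists the green network.
IPCOP_NETWORKS = ipaddress.ip_network("192.168.1.0/24")

ACLS = {
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "IPCop_networks": lambda r: ipaddress.ip_address(r["src"]) in IPCOP_NETWORKS,
    "within_timeframe": lambda r: True,  # MTWHFAS 00:00-24:00 always matches
    # A request without a User-Agent header cannot match a `browser` ACL.
    "with_allowed_useragents":
        lambda r: bool(r.get("ua")) and bool(ALLOWED_UA.search(r["ua"])),
    "all": lambda r: True,
}

# http_access lines in file order; the two IPCop GUI rules
# (destination 192.168.1.50) are omitted.
HTTP_ACCESS = [
    "allow localhost",
    "deny !Safe_ports",
    "deny CONNECT !SSL_ports",
    "allow IPCop_networks within_timeframe with_allowed_useragents",
    "deny all",
]


def decide(req):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    for rule in HTTP_ACCESS:
        action, *names = rule.split()
        # "!name" matches when the ACL does not; plain "name" when it does.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, rule
    return "deny", "(no rule matched)"  # not reached: `deny all` always matches


def request(method, port, ua=None, src="192.168.1.5"):
    """Build a request record; 192.168.1.5 is the client seen in the page's logs."""
    return {"method": method, "port": port, "ua": ua, "src": src}


# Constructed User-Agent string of a browser from the period.
FIREFOX = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"

if __name__ == "__main__":
    cases = [
        ("CONNECT ip:9001, no User-Agent", request("CONNECT", 9001)),
        ("CONNECT ip:901, no User-Agent", request("CONNECT", 901)),
        ("CONNECT ip:80, no User-Agent", request("CONNECT", 80)),
        ("CONNECT ip:443, no User-Agent", request("CONNECT", 443)),
        ("CONNECT host:443, Firefox", request("CONNECT", 443, FIREFOX)),
        ("GET port 80, Firefox", request("GET", 80, FIREFOX)),
    ]
    for label, req in cases:
        action, rule = decide(req)
        print(f"{label:34} -> {action:5} by '{rule}'")
```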
Another alternative is to prevent access to remote machines by their IP address. With IPCOP this is done through the URL Filter module in the services menu:
NOTE: The IP filter adds the !in-addr ACL to squidGuard.
See the article on IPCOP to learn how to install URL Filter.
URL Filter uses SquidGuard. The configuration in the file /var/ipcop/urlfilter/squidGuard.conf is:
logdir /var/log/squidGuard
dbhome /var/ipcop/urlfilter/blacklists

dest ads {
    domainlist ads/domains
    urllist ads/urls
}
dest aggressive {
    domainlist aggressive/domains
    urllist aggressive/urls
}
dest audio-video {
    domainlist audio-video/domains
    urllist audio-video/urls
}
dest drugs {
    domainlist drugs/domains
    urllist drugs/urls
}
dest gambling {
    domainlist gambling/domains
    urllist gambling/urls
}
dest hacking {
    domainlist hacking/domains
    urllist hacking/urls
}
dest mail {
    domainlist mail/domains
}
dest porn {
    domainlist porn/domains
    urllist porn/urls
}
dest proxy {
    domainlist proxy/domains
    urllist proxy/urls
}
dest violence {
    domainlist violence/domains
    urllist violence/urls
}
dest warez {
    domainlist warez/domains
    urllist warez/urls
}
dest files {
    expressionlist custom/blocked/files
}
dest custom-allowed {
    domainlist custom/allowed/domains
    urllist custom/allowed/urls
}
dest custom-blocked {
    domainlist custom/blocked/domains
    urllist custom/blocked/urls
}
dest custom-expressions {
    expressionlist custom/blocked/expressions
}

acl {
    default {
        pass !in-addr !ads !aggressive !audio-video !drugs !gambling !hacking !mail !porn !proxy !violence !warez any
        redirect http://www.iescopernic.com/moodle/normes_dus.htm
    }
}
The important line is:
pass !in-addr
NOTE: keep in mind that you may need to add more user-agents that make sense on your network.
http://ultra1/ultrasurf.htm
On an IPCOP with user-agents filtered:
# tail -f /var/log/squid/access.log
The last line of the log is worth noting: it tries to access docs.google.com!
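The access.log behaviour recorded for Tor and for Ultrasurf has a common shape: one client sending CONNECT requests to many raw IP addresses, and for Tor also GET requests under /tor/. The script below is an added example, not part of the original page or of IPCOP, that flags such clients in Squid's native log format; the sample lines are constructed with documentation-range addresses, and the min_targets threshold and the reason labels are assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit


def parse_line(line):
    """Parse one line of Squid's native access.log format; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        ts = float(f[0])
    except ValueError:
        return None
    action, _, status = f[3].partition("/")
    return {"ts": ts, "client": f[2], "action": action,
            "status": status, "method": f[5], "url": f[6]}


def connect_target(url):
    """Split a CONNECT target 'host:port'; report whether host is an IP literal."""
    host, _, port = url.rpartition(":")
    if not host or not port.isdigit():
        return None
    try:
        ipaddress.ip_address(host.strip("[]"))
        is_ip = True
    except ValueError:
        is_ip = False
    return host, int(port), is_ip


def triage(lines, min_targets=5):
    """Flag clients whose proxy traffic has the Tor/Ultrasurf shape described above.

    min_targets is an assumed threshold: how many distinct raw-IP CONNECT
    destinations one client must try before it is reported.
    """
    stats = defaultdict(lambda: {"targets": set(), "ports": set(),
                                 "denied": 0, "tor_dir": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["client"]]
        if rec["action"] == "TCP_DENIED":
            s["denied"] += 1
        if rec["method"] == "CONNECT":
            target = connect_target(rec["url"])
            if target and target[2]:      # normal browsing mostly CONNECTs to names
                s["targets"].add(target[:2])
                s["ports"].add(target[1])
        elif rec["method"] == "GET" and urlsplit(rec["url"]).path.startswith("/tor/"):
            s["tor_dir"] += 1             # Tor directory fetch (/tor/server/d/...)

    report = {}
    for client, s in stats.items():
        reasons = []
        if s["tor_dir"]:
            reasons.append("tor-directory-request")
        if len(s["targets"]) >= min_targets:
            reasons.append("connect-fanout-to-raw-ips")
            if s["ports"] - {443}:
                reasons.append("connect-to-non-443-ports")
        if reasons:
            report[client] = {"reasons": reasons, "denied": s["denied"],
                              "distinct_targets": len(s["targets"]),
                              "ports": sorted(s["ports"])}
    return report


# Constructed sample in the page's log format (documentation-range addresses).
SAMPLE_LOG = """\
1233321612.136 7 192.168.1.5 TCP_IMS_HIT/304 244 GET http://198.51.100.7:9030/tor/server/d/CONSTRUCTED.z - NONE/- text/html
1233321613.144 4 192.168.1.5 TCP_DENIED/403 1938 CONNECT 203.0.113.10:9001 - NONE/- text/html
1233321614.142 9 192.168.1.5 TCP_MISS/404 0 CONNECT 198.51.100.20:443 - DIRECT/- -
1233321615.149 1 192.168.1.5 TCP_DENIED/403 1936 CONNECT 203.0.113.11:9001 - NONE/- text/html
1233321616.147 2 192.168.1.5 TCP_DENIED/403 1940 CONNECT 192.0.2.33:9090 - NONE/- text/html
1233321617.146 3 192.168.1.5 TCP_DENIED/403 1938 CONNECT 203.0.113.10:9001 - NONE/- text/html
1233321618.149 7 192.168.1.5 TCP_DENIED/403 1936 CONNECT 192.0.2.34:9001 - NONE/- text/html
1233321620.000 52 192.168.1.7 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.80 text/html
1233321621.000 310 192.168.1.7 TCP_MISS/200 8841 CONNECT www.example.org:443 - DIRECT/192.0.2.80 -
1233321999.000 0 192.168.1.7 TCP_DENIED/403
1233317947.459 0 192.168.1.9 TCP_DENIED/403 1934 CONNECT 198.51.100.14:443 - NONE/- text/html
1233317947.501 0 192.168.1.9 TCP_DENIED/403 1934 CONNECT 198.51.100.170:443 - NONE/- text/html
1233317947.509 4 192.168.1.9 TCP_DENIED/403 1936 CONNECT 203.0.113.82:443 - NONE/- text/html
1233317947.523 0 192.168.1.9 TCP_DENIED/403 1932 CONNECT 203.0.113.3:443 - NONE/- text/html
1233317947.546 3 192.168.1.9 TCP_DENIED/403 1934 CONNECT 192.0.2.68:443 - NONE/- text/html
1233317957.053 0 192.168.1.9 TCP_DENIED/403 1938 CONNECT docs.google.com:443 - NONE/- text/html
""".splitlines()

if __name__ == "__main__":
    for client, finding in sorted(triage(SAMPLE_LOG).items()):
        print(client, finding)
```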
On the proxy, if you run:
$ netstat --inet -n | grep 443
You will see the connections to anonymous SSL proxies that it tries to make.
You can see which server it is trying to use with:
$ netstat --inet -n | grep 443 | grep ESTABLISHED
tcp 0 0 10.0.2.15:1414 65.49.2.121:443 ESTABLISHED
It works with Wine:
Runs just fine under WINE. You need to download MSVCP60.DLL and copy it to your ~/.wine/drive_c/windows/system
Regular expressions:
/etc/squid/acl/banned.acl
.*/.+\.php\?q=.+(&hl).*
.*/cgi-bin/nph-proxy-1.cgi
.*/.+\.php\?u=.+(&b).*
.*/proxy\.php\?q=.+(&p).*
.*/.+\.php\?woo=.+(&hvn).*
IPs and domains: