Router Firewall Application Example: How to Restrict Intranet Use of QQ
When the QQ client logs on, it uses UDP port 8000 and TCP ports 80 and 443. Blocking ports 80 and 443 outright is generally not recommended, unless you do not need to browse web pages. Therefore, our solution is to combine the router's domain name filtering and IP address filtering functions.
The QQ version used in the following description is QQ2010.
1. Set domain name filtering:
Viewing QQ's connection information shows the domain names of the servers currently used during QQ login:
UDP Server:
Sz.tencent.com
Sz2.tencent.com
Sz3.tencent.com
Sz4.tencent.com
Sz5.tencent.com
Sz6.tencent.com
Sz7.tencent.com
Sz8.tencent.com
Sz9.tencent.com
TCP Server:
Tcpconn.tencent.com
Tcpconn2.tencent.com
Tcpconn3.tencent.com
Tcpconn4.tencent.com
Tcpconn5.tencent.com
Tcpconn6.tencent.com
Information related to qq.com is also used. Therefore, configure domain name filtering on the router to prohibit domain name resolution for these servers:
1) Enable domain name filtering
2) Filter requests for the tencent.com and qq.com domain names
If QQ login is successfully disabled after domain name filtering is set, you do not need to set IP address filtering. Otherwise, continue by setting IP address filtering.
2. Set IP address filtering:
First, find the IP addresses that need to be filtered. The IP addresses of the login servers can be obtained as follows:
After successfully logging on to QQ, go to the QQ settings:
Click "network connection" and view "Login Server". The IP address displayed there is the one to filter.
Then set up IP address filtering:
1) Enable IP address filtering
After the settings are complete, log on to QQ again, use the method above to find the IP address of the server that still accepts the login, and add the IP address segment containing that address to the filter. Repeat this process until QQ can no longer log on.
After filtering out the following IP address segments, QQ cannot log on:
Once domain name filtering and IP address filtering are configured as above, QQ login is restricted. Note, however, that IP address filtering here blocks whole address segments, so some normal IP addresses that are not QQ servers are blocked as well. If an IP address you need to connect to is also filtered, split the restricted segment into several smaller segments that do not include the address you need to access.
Attachment: QQ server addresses
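The segment splitting described above can be computed rather than done by hand. The following is an added example, not part of the original article: it assumes /24 segments and a router filter that takes start-end ranges, uses the sz/sz2 addresses listed on this page as the observed login servers, and uses 61.144.238.10 as a constructed stand-in for a host that must stay reachable.

```python
import ipaddress

def block_ranges(observed, must_reach=(), prefix=24):
    """Turn observed login-server IPs into start-end block ranges,
    split so that every address in must_reach stays outside them."""
    servers = {ipaddress.ip_address(a) for a in observed}
    keep = {ipaddress.ip_address(a) for a in must_reach}
    clash = servers & keep
    if clash:
        # A login server cannot be blocked and reachable at the same time.
        raise ValueError(f"address is both blocked and required: {sorted(clash)}")

    # Assumption: each observed server stands for its whole /prefix segment.
    segments = {ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in servers}

    pieces = []
    for seg in segments:
        parts = [seg]
        for host in keep:
            single = ipaddress.ip_network(f"{host}/32")
            split = []
            for part in parts:
                if host in part:
                    # Cut the required host out of this segment.
                    split.extend(part.address_exclude(single))
                else:
                    split.append(part)
            parts = split
        pieces.extend(parts)

    # Merge adjacent CIDR pieces into the start-end form router filters use.
    ranges = []
    for net in sorted(ipaddress.collapse_addresses(pieces)):
        first, last = net[0], net[-1]
        if ranges and int(ranges[-1][1]) + 1 == int(first):
            ranges[-1] = (ranges[-1][0], last)
        else:
            ranges.append((first, last))
    return [(str(a), str(b)) for a, b in ranges]

# sz/sz2 addresses from this page; REQUIRED is a constructed example host.
OBSERVED = ["61.144.238.145", "61.144.238.146", "61.144.238.156"]
REQUIRED = ["61.144.238.10"]

if __name__ == "__main__":
    for start, end in block_ranges(OBSERVED, REQUIRED):
        print(f"block {start} - {end}")
```

Each returned pair is one filter entry; a required address that is itself an observed login server raises an error instead of silently leaving a hole in the block list.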
QQ servers are divided into three types:
1. UDP port 8000 class 13: the fastest type, with the most servers.
QQ sends UDP packets to the 11 servers online and selects the one that responds fastest as its connection server.
The names of the six servers start with sz and the domain suffix is tencent.com. The domain names correspond to the following IP addresses:
Sz sz2: 61.144.238.145 61.144.238.146 61.144.238.156
Sz3 sz4 sz6 sz7: 202.104.129.20.202.104.129.254 202.104.129.252
202.104.129.253
Sz5: 61.141.194.203 202.96.170.166 218.18.95.221 219.133.45.15
61.141.194.20.202.96.170.164
2. TCP/HTTP class: four servers, connected over ports 80 and 443.
The names of the four servers start with tcpconn and the domain suffix is tencent.com. The domain names correspond to the following IP addresses:
Tcpconn tcpconn3 218.17.209.23
Tcpconn2 tcpconn4 218.18.95.153 61.141.194.227 218.18.95.171
3. VIP login server: uses port 443 for a secure connection.
Server IP address 218.17.209.42
If you know the addresses of these servers, blocking all of them is enough: no one will be able to use QQ (proxy software is a separate matter).
If a new server is added, block it as soon as you see it.
QQ: currently, the default port is 4000, which carries UDP. However, and are also used for UDP transmission. Regardless, all of them are prohibited.