Use ISA to prohibit QQ chat and SOCKS5 applications

If an enterprise wants to prohibit employees from chatting via QQ at work or from using LAN agents, it can directly deploy a special network management software-jusheng Network Management (Official Website:Http://www.grabsun.comYou can completely prohibit QQ chat, log on to the specified QQ account, prohibit QQ games, restrict QQ file transfer, and so on, which is simpler and faster!
1. When I started my first experiment, I first used two virtual machines: berlin and denver. berlin is an ISA Server and demver is an intranet client. QQ is the first to send UDP packets to port 8000 of the server. Because there are many QQ servers, select the fastest server to log on when the server replies. If Port 8000 is disabled, TCP port 80/443 is automatically used for connection. Here, I first disable the IP address of the QQ server. As shown in: After logging on to QQ, in "system settings" of QQ, "Logon Settings" will display IP addresses below, so that one by one is prohibited until QQ cannot be logged on, there are more than 100 IP addresses in total.
1. See:

　　

2. Open "computer set" in "network object" and Right-click to open "new computer set", as shown in:

　　

Click computer in add"

　　

Enter the IP address of the QQ Server Found below

　　

　　

3. As shown in, create a new policy "prohibit QQ from accessing the Internet", and right-click "new" and "access rule" under "firewall policy"

　　

Enter "prohibit QQ access" in the name"

　　

In this experiment, QQ is prohibited from accessing the internet, so "deny" is selected here"

　　

Select "all outbound communications"

　　

Click "add" to add "internal" and "local host"

　　

Add the new computer set (QQ-IP address) above.

　　

　　

　　

Now a policy is created, as shown in.

　　

Click "application"

　　

4. When I log on, I cannot log on.

5. Now we can use the HTTP proxy to access the Internet, as shown in:

　　

6. We can use the signature to prohibit the use of HTTP Proxy QQ, right-click "allow all access" to open "Configure HTTP", as shown in:

Note: If you use the packet capture tool, you can capture a lot of QQ signatures, but I only find a signature (tencent.com) on the Internet and cannot use the HTTP proxy to access the Internet, I have tried many times, as I said on the Internet, but I cannot use QQ over HTTP.

　　

Click Add"

　　

Enter the following signature "tencent.com" in the following signature line"

　　

Click "application"

　　

7. Now, QQ cannot be used as an HTTP proxy.

　　

At this point, I have completed the first experiment "prohibit QQ surfing the Internet". However, it is still possible for Intranet users to log on to QQ surfing. For details about how to log on, please refer to the next experiment. 2. Now I will introduce another Proxy (SOCKS5 Proxy), but to use this proxy, You need to download a proxy software online. Can go to this site to download, download steps I will not elaborate, you can go to the following site to view the location (http://www.waysonline.com/mader/resource/soproxy) I am here only to introduce how to use this software to log on to the QQ Internet.

Note: The DNS server is required for this experiment.

1. After downloading the agent software, you need to set it for use. For example, click "Account" and enter the card number, password, and service

Region.

Note: You must select "public service area" in the following service areas ". The icon in the lower-right corner must also be green. If it is gray, you can view the case on the website.

　　

Select "HTTP proxy" when "network" is enabled"

　　

Open "service" and select "Enable DNS query service"

　　

2. Now we can log on to QQ, as shown in:

　　

Enter verification characters here

　　

QQ has been successfully logged on.

　　

I have already completed this experiment. I can do it for a limited number of users. If you have any shortcomings, please give us some guidance. Thank you!