Skype

1. Skype

Wescley de Carvalho Dimas
wescley1

(usa Ubuntu)

Enviado em 08/08/2013 - 15:53h

Depois de uma semana procurando desisti. Não achei nada que pudesse me ajudar de forma eficiente.
Afinal, é possível bloquear o maldito do skype usando squid e iptables?
Se algum de vocês estiver conseguindo, por favor, me dêem uma luz D:


  


2. Re: Skype

Buckminster
Buckminster

(usa Debian)

Enviado em 08/08/2013 - 16:01h

Veja isto:
http://wiki.squid-cache.org/ConfigExamples/Chat/Skype


3. Re: Skype

Wescley de Carvalho Dimas
wescley1

(usa Ubuntu)

Enviado em 08/08/2013 - 16:15h

é, não deu certo pra mim


4. Re: Skype

Buckminster
Buckminster

(usa Debian)

Enviado em 08/08/2013 - 16:36h

wescley1 escreveu:

é, não deu certo pra mim


Então você fez alguma coisa errada.

Tenta assim no Iptables:

iptables -I FORWARD -m string --algo bm --string "skype.com" -j DROP
iptables -I FORWARD -s 111.221.74.0/24 -j DROP
iptables -I FORWARD -s 111.221.77.0/24 -j DROP
iptables -I FORWARD -s 157.55.130.0/24 -j DROP
iptables -I FORWARD -s 157.55.235.0/24 -j DROP
iptables -I FORWARD -s 157.55.56.0/24 -j DROP
iptables -I FORWARD -s 157.56.52.0/24 -j DROP
iptables -I FORWARD -s 194.165.188.0/24 -j DROP
iptables -I FORWARD -s 195.46.253.0/24 -j DROP
iptables -I FORWARD -s 213.199.179.0/24 -j DROP
iptables -I FORWARD -s 63.245.217.0/24 -j DROP
iptables -I FORWARD -s 64.4.23.0/24 -j DROP
iptables -I FORWARD -s 65.55.223.0/24 -j DROP


5. Re: Skype

Wescley de Carvalho Dimas
wescley1

(usa Ubuntu)

Enviado em 08/08/2013 - 16:44h

como eu posso ter feito alguma coisa errada sendo que é só colocar o negócio no .conf? D:

olha só


#Porta padrao para acessar o proxy
#esta porta deve ser configurada em todos os computadores que farao
#requisicoes no proxy
http_port 3128


#pasta com as mensagens de erro do squid
error_directory /etc/squid/error_pages




#cache internet
cache_dir ufs /cache/ 7000 16 256
cache_mem 100 MB

visible_hostname Server


#criacao de acls

#acl SSL_ports port 443 #https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
#acl SSL_ports port 443 #https
#acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 465 #email diviaco
acl Safe_ports port 587 #email diviaco
acl Safe_ports port 993 #imap gmail
acl Safe_ports port 3128 #squid
acl Safe_ports port 8245 #noip
acl Safe_ports port 25 #noip
acl Safe_ports port 8125 #noip
acl Safe_ports port 1604 #noip
acl Safe_ports port 25 #noip
acl Safe_ports port 3389 #noip
acl Safe_ports port 4751 #noip
#acl Safe_ports port 80 #noip
acl Safe_ports port 8080 #noip
acl Safe_ports port 8223 #noip
acl purge method PURGE
acl CONNECT method CONNECT

##########################################################
###
###
### Teste das rejeições
###
###
########################################################

#toda a rede interna
acl localnet src 10.1.1.0/24
acl all src all

acl fiscal3 src 10.1.1.132

# Bloquear Skype
acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype

http_access deny numeric_IPS
http_access deny Skype_UA


acl validUserAgent browser \S+
http_access deny !validUserAgent



acl permitidos url_regex "/etc/squid/permitidos"
acl email url_regex "/etc/squid/email"


acl apontador dstdomain .apontador.
acl apontador dstdomain .maplink.


#http_access deny fiscal3 !permitidos !email


#http_access allow localnet permitidos
#http_access allow localnet email
#http_access allow localnet apontador



############################################################
###
###
###
###
################################################################








acl manager proto cache_object

acl localhost src 127.0.0.1/32




#######################################################
###
###
### ACL DE LIBERACAO POR PEDIDO
###
###
######################################################

acl sites_pedidos dstdomain .funedi.edu.br #pedido feito pela Caroline de Telefonista em 18/06/2013
acl sites_pedidos dstdomain .emccamp.com.br #pedido feito pela Grasiele de Vendas5 em 18/06/2013
acl sites_pedidos dstdomain .contrutoraemccamp.com.br #pedido feito pela Grasiele de Vendas5 em 18/06/2013


#######################################################
###
###
### FIM DE ACL DE LIBERACAO
###
###
#########################################################




###########################################################################
### ###
### CRIACAO DAS ACLs INDIVIDUAIS ###
### PARA TODOS OS COMPUTADORES ###
### DA REDE ###
### ###
### toda vez que for adicionado um computador na rede, deve adiciona-lo ###
### aqui tambem ###
### ###
### ###
### a lista esta dividida de acordo com o setor e em ordem afabetica ###
### ###
### ###
###########################################################################


acl departamentopes src 10.1.1.137


acl dppessoal src 10.1.1.117


acl evani src 10.1.1.138


acl fat2 src 10.1.1.113
acl fat3 src 10.1.1.114
acl fat4 src 10.1.1.135


acl gilmar src 10.1.1.102


acl financ1 src 10.1.1.103
acl financ2 src 10.1.1.104
acl financ3 src 10.1.1.105
acl financ4 src 10.1.1.106
acl financ5 src 10.1.1.107
acl financ6 src 10.1.1.108
acl financ7 src 10.1.1.109
acl financ8 src 10.1.1.110
acl financ9 src 10.1.1.136
acl financ10 src 10.1.1.131


acl fiscal1 src 10.1.1.112
acl fiscal2 src 10.1.1.130



acl nfe src 10.1.1.116
acl nfe2 src 10.1.1.128


acl oxcorte src 10.1.1.111


acl telefonista src 10.1.1.115


acl servidor src 10.1.1.240
acl servidor_s2 src 10.1.1.241


acl telemarketing3 src 10.1.1.141
acl telemarketing5 src 10.1.1.123


acl vendas1 src 10.1.1.118
acl vendas2 src 10.1.1.119
acl vendas3 src 10.1.1.120
acl vendas4 src 10.1.1.121
acl vendas5 src 10.1.1.122
acl vendas6 src 10.1.1.101
acl vendas7 src 10.1.1.124
acl vendas9 src 10.1.1.126



###########################################################################
### ###
### ###
### FIM DA LISTA DE ACLs INDIVIDUAIS ###
### ###
### ###
###########################################################################



acl sitesEvani dstdomain .inpi.gov.br
acl sitesEvani dstdomain .uol.com.br
acl sitesEvani dstdomain .hotmail.com
acl sitesEvani dstdomain .ricardoeletro.com.br
acl sitesEvani dstdomain .contadorperito.com



http_access allow evani sitesEvani




acl to_localhost dst 127.0.0.0/8 0.0.0.0/32


############################################################
###
###
### ACL de bloqueio comum
###
###
##############################################################



acl siteFB dstdomain 31.13.85.16
http_access deny localnet siteFB


acl blocked url_regex "/etc/squid/bloqueio"
deny_info ERR_ACCESS_DENIED blocked

http_access allow localnet !blocked







#########################################################
###
###
### fim da ACL de bloqueio comum
###
###
#########################################################



############################################################
###
###
### COAD
###
###
############################################################


acl coad url_regex "/etc/squid/coad"

#http_access allow fiscal3 coad
http_access allow fiscal1 coad
http_access allow vendas7 coad
http_access allow fiscal2 coad
http_access allow departamentopes coad
http_access allow evani coad


############################################################
###
###
### FIM COAD
###
###
############################################################






###################################################################
### ###
### ###
### LIBERACAO DO ACESSO NO HORARIO ###
### DE ALMOCO ###
### ###
### ###
### ###
### ###
###################################################################

acl h_almoco time MTWHF 11:29-13:00
http_access allow localnet h_almoco



###########################################################
### ###
### ###
### fim liberacao horario de almoco ###
### ###
### ###
###########################################################





###########################################################################
### ###
### ###
### LIBERACAO MANUAL ###
### ###
### USAR APENAS QUANDO NECESSARIO E AUTORIZADO ###
### ###
### ###
###########################################################################





http_access allow telefonista sites_pedidos
http_access allow vendas5 sites_pedidos
http_access allow financ1



###########################################################################
### ###
### ###
### FIM DA LIBERACAO MANUAL ###
### ###
### ###
###########################################################################

#local log
access_log /var/log/squid/access.log squid


################################################################################
### ###
### ###
### Parte q eu ainda não mexi ###
### ###
### ###
################################################################################









#tempo maximo de tentativa de retorno de um IP
#echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout

#Valida Bloqueio MSN
#http_access deny msn


#http_access deny localnet mp3
#http_access deny localnet exe

#http_access allow manager localhost
#http_access deny manager

#http_access allow purge localhost
#http_access deny purge

#negar todo acesso as portas que nao liberadas
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#http_access allow localhost
#http_access deny all

#icp_access allow localnet
#icp_access deny all

#porta usada squid
#http_port 3128

#hierarchy_stoplist cgi-bin ?


#configuracoes proxy transparente
#httpd_accel_port 80
#httpd_accel_host virtual

#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
#echo 1 > /proc/sys/net/ipv4/ip_forward




refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320

acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]

upgrade_http0.9 deny shoutcast

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

#extension_methods REPORT MERGE MKACTIVITY CHECKOUT

hosts_file /etc/hosts

#coredump_dir /var/spool/squid




6. Re: Skype

Buckminster
Buckminster

(usa Debian)

Enviado em 08/08/2013 - 16:55h

# Bloquear Skype
acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype

http_access deny numeric_IPS <<< aqui não é numeric_IPS, é numeric_IPs.
http_access deny Skype_UA

Faça a alteração, reinicie o Squid e teste.


7. Re: Skype

Wescley de Carvalho Dimas
wescley1

(usa Ubuntu)

Enviado em 09/08/2013 - 10:56h

ainda assim não deu. mesmo fechando todas as portas do computador


iptables -A FORWARD -s 10.1.1.132 -p tcp --dport 0:65535 -j DROP
iptables -A FORWARD -s 10.1.1.132 -p udp --dport 0:65535 -j DROP

iptables -A INPUT -s 10.1.1.132 -p tcp --dport 0:65535 -j DROP
iptables -A INPUT -s 10.1.1.132 -p udp --dport 0:65535 -j DROP

iptables -A OUTPUT -s 10.1.1.132 -p tcp --dport 0:65535 -j DROP
iptables -A OUTPUT -s 10.1.1.132 -p udp --dport 0:65535 -j DROP


o skype ainda connecta. como? porque?




8. Re: Skype

Carlos Alberto de Souza Barbosa
souzacarlos

(usa Outra)

Enviado em 09/08/2013 - 14:07h

Já tentou usar o tcpdump para monitorar as conexões passante para o skype? ex tcpdump -i eth0 src host 192.168.0.1

onde:

ETH0 é a interface onde está agrupado o host em questão

192.168.0.1 é o host que vc quer monitorar

aguardo,


9. Re: Skype

Wescley de Carvalho Dimas
wescley1

(usa Ubuntu)

Enviado em 09/08/2013 - 14:49h

souzacarlos escreveu:

Já tentou usar o tcpdump para monitorar as conexões passante para o skype? ex tcpdump -i eth0 src host 192.168.0.1

onde:

ETH0 é a interface onde está agrupado o host em questão

192.168.0.1 é o host que vc quer monitorar

aguardo,


isso eu não fiz.
pq o cenário é o seguinte:
1 servidor ubuntu com squid e 43 pc com windows xp

esse tcpdump eu teria que usar no squid (ip 10.1.1.133) ou no "cliente" que é o computador de teste (10.1.1.132)?


10. Re: Skype

Carlos Alberto de Souza Barbosa
souzacarlos

(usa Outra)

Enviado em 09/08/2013 - 15:21h

TCPDUMP é uma aplicação que irá monitorar o tráfego "entrante" ou "passante" por uma interface do servidor logo teria que ser executado no servidor...

wescley1 escreveu:

souzacarlos escreveu:

Já tentou usar o tcpdump para monitorar as conexões passante para o skype? ex tcpdump -i eth0 src host 192.168.0.1

onde:

ETH0 é a interface onde está agrupado o host em questão

192.168.0.1 é o host que vc quer monitorar

aguardo,


isso eu não fiz.
pq o cenário é o seguinte:
1 servidor ubuntu com squid e 43 pc com windows xp

esse tcpdump eu teria que usar no squid (ip 10.1.1.133) ou no "cliente" que é o computador de teste (10.1.1.132)?





11. Re: Skype

Buckminster
Buckminster

(usa Debian)

Enviado em 10/08/2013 - 05:02h

Você fez isso abaixo que eu disse antes?

# Bloquear Skype
acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype

http_access deny numeric_IPS <<< AQUI NÃO É numeric_IPS, É numeric_IPs.
http_access deny Skype_UA

Faça a alteração, reinicie o Squid e teste.


E tentou isso abaixo?

Tenta assim no Iptables:

iptables -I FORWARD 1 -m string --algo bm --string "skype.com" -j DROP
iptables -I FORWARD 2 -s 111.221.74.0/24 -j DROP
iptables -I FORWARD 3 -s 111.221.77.0/24 -j DROP
iptables -I FORWARD 4 -s 157.55.130.0/24 -j DROP
iptables -I FORWARD 5 -s 157.55.235.0/24 -j DROP
iptables -I FORWARD 6 -s 157.55.56.0/24 -j DROP
iptables -I FORWARD 7 -s 157.56.52.0/24 -j DROP
iptables -I FORWARD 8 -s 194.165.188.0/24 -j DROP
iptables -I FORWARD 9 -s 195.46.253.0/24 -j DROP
iptables -I FORWARD 10 -s 213.199.179.0/24 -j DROP
iptables -I FORWARD 11 -s 63.245.217.0/24 -j DROP
iptables -I FORWARD 12 -s 64.4.23.0/24 -j DROP
iptables -I FORWARD 13 -s 65.55.223.0/24 -j DROP






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts