block teamviewer
發表於 : 2017-04-18 19:26:27
由 yehlu
https://virtualitsupport.wordpress.com/ ... -mikrotik/
# Static deny-list of networks the original post attributes to TeamViewer
# servers. The ranges are a point-in-time snapshot (posted 2017) and several
# are wide (/16, /18): everything else hosted inside them is blocked as well,
# so check each range against current data before applying it.
/ip firewall address-list
add list=Teamviewer address=92.51.128.0/18 comment=Teamviewer_Server
add list=Teamviewer address=37.48.64.0/18 comment=Teamviewer_Server
add list=Teamviewer address=217.146.26.0/24 comment=Teamviewer_Server
add list=Teamviewer address=88.198.0.0/16 comment=Teamviewer_Server
add list=Teamviewer address=37.252.253.0/24 comment=Teamviewer_Server
add list=Teamviewer address=178.255.155.0/24 comment=Teamviewer_Server
add list=Teamviewer address=159.8.64.0/18 comment=Teamviewer_Server
add list=Teamviewer address=178.77.64.0/18 comment=Teamviewer_Server
# Drop packets whose SOURCE is on the list, both when routed through the
# router (forward) and when addressed to the router itself (input).
# NOTE(review): only src-address-list is matched, so packets from the LAN
# towards these networks still leave; the block relies on the replies being
# dropped. A dst-address-list rule would be needed to stop the outbound side.
# NOTE(review): `add` without place-before appends to the end of the chain;
# if an earlier rule already accepts the traffic, these never match.
/ip firewall filter
add chain=forward action=drop src-address-list=Teamviewer comment="Drop all traffic from address on \\ Teamviewer \\ address list"
add chain=input action=drop src-address-list=Teamviewer comment="Drop all traffic from address on \\ Teamviewer \\ address list"
Re: block teamviewer
發表於 : 2017-04-18 19:27:50
由 yehlu
http://www.linuxbms.com/how-to-block-te ... desyntax_1
# Dynamic variant: every destination contacted through the router on tcp/5938
# is put on the TeamViewer address list for one day, and forwarded traffic to
# or from any listed host is dropped.
# NOTE(review): the list is keyed on the port alone, so ANY host reached on
# tcp/5938 is cut off for a day, whether or not it is a TeamViewer server.
# NOTE(review): TeamViewer is documented to fall back to tcp/443 and tcp/80
# when 5938 is unreachable; a server that is never tried on 5938 is not
# listed by this rule. Verify against current client behaviour.
# NOTE(review): the list name here is `TeamViewer`; the static list in the
# first post is `Teamviewer`. Presumably these are two separate lists.
/ip firewall filter
add chain=forward protocol=tcp dst-port=5938 action=add-dst-to-address-list address-list=TeamViewer address-list-timeout=1d
add chain=forward src-address-list=TeamViewer action=drop
add chain=forward dst-address-list=TeamViewer action=drop
Re: block teamviewer
發表於 : 2017-04-18 19:29:36
由 yehlu
# Layer-7 pattern aimed at TeamViewer's HTTP requests: a request line starting
# with get/post for /dout.asp(x) or /din.asp(x) that later carries
# client=dyngate.
# This line only defines the pattern. Nothing is matched or blocked until a
# firewall filter or mangle rule references it with layer7-protocol=teamviewer.
# NOTE(review): the pattern can only match a cleartext HTTP request; sessions
# on tcp/5938 or inside TLS never expose this text to the matcher.
# NOTE(review): `\?` looks like console escaping for a literal `?` character,
# which the regex engine would then read as a quantifier on the preceding
# `x` -- confirm this is what the author intended.
/ip firewall layer7-protocol
add name=teamviewer regexp="^(post|get) /d(out|in).aspx\?.*client=dyngate"
Re: block teamviewer
發表於 : 2017-04-18 19:31:31
由 yehlu
# Layer-7 signature library. Each `add` below only defines a named regexp;
# nothing is matched or blocked until a firewall filter or mangle rule
# references the name through layer7-protocol=<name>.
# RouterOS runs these regexps against the first 10 packets / first 2KB of a
# connection, so they recognise cleartext protocol openings only. Anything
# wrapped in TLS is invisible to them.
# Layer-7 matching is CPU-expensive: narrow the rule by port, address list or
# connection state before the layer7-protocol matcher is evaluated.
# NOTE(review): many patterns appear to come from the l7-filter project and
# are old; test each one for false positives before using it in a drop rule.
/ip firewall layer7-protocol
add name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /queue_register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?"
add name=soribada regexp="^GETMP3\r\
\nFilename|^\01.\?.\?.\?(Q:\\+|Q2:)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\$"
add name=rdp regexp=rdpdr.*cliprdr.*rdpsnd
add name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\.[0-9]\r\
\n|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?\
[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|...................\?lime)"
add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\
\n"
add name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01"
add name=shoutcast regexp="^get /.*icy-metadata:1|icy [1-5][0-9][0-9] [\\x09-\\x0d -~]*(content-type:audio|icy-)"
add name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9][\01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\01\03\04\FF]"
add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)"
add name=poco regexp="^\80\94\
\n\01....\1F\9E"
add name=ciscovpn regexp="^\01\F4\01\F4"
add name=x11 regexp="^[lb].\?\0B"
add name=xboxlive regexp="^X\80........\F3|^\06XN"
add name=applejuice regexp="^ajprot\r\
\n"
add name=zmaap regexp="^\1B\D7;H[\01\02]\01\?\01"
add name=live365 regexp=membername.*session.*player
add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00"
add name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*(connection:|content-type:|content-length:|date:)|post [\t-\r -~]* http/[01]\\.[019]"
add name=sip regexp="^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]"
add name=pop3 regexp="^(\\+ok |-err )"
add name=smb regexp="\FFsmb[r%]"
add name=quake1 regexp="^\80\0C\01quake\03"
add name=lpd regexp="^(\01[!-~]+|\02[!-~]+\
\n.[\01\02\03][\01-\
\n -~]*|[\03\04][!-~]+[\t-\r]+[a-z][\t-\r -~]*|\05[!-~]+[\t-\r]+([a-z][!-~]*[\t-\r]+[1-9][0-9]\?[0-9]\?|root[\t-\r]+[!-~]+).*)\
\n\$"
add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\
\nEnd(Public|AES)Key\
\n\$"
add name=ssh regexp="^ssh-[12]\\.[0-9]"
add name=jabber regexp="<stream:stream[\t-\r ][ -~]*[\t-\r ]xmlns=['\"]jabber"
add name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get/scrape\\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]"
add name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)"
add name=tls regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )"
add name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]"
add name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)"
add name=subspace regexp="^\01....\11\10........\01\$"
add name=hotline regexp="^....................TRTPHOTL\01\02"
add name=doom3 regexp="^\FF\FFchallenge"
add name=ftp regexp="^220[\t-\r -~]*ftp"
add name=kugoo regexp="^1..\8E"
add name=tsp regexp="^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+"
add name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10@\06"
add name=ssdp regexp="^notify[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:(alive|byebye)|^m-search[\t-\r ]\\*[\t-\r ]http/1\\.1[\t-\r -~]*ssdp:discover"
add name=imap regexp="^(\\* ok|a[0-9]+ noop)"
add name=ares regexp="^\03[]Z].\?.\?\05\$"
add name=fasttrack regexp=\
"^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?"
add name=qq regexp="^.\?\02.+\03\$"
add name=100bao regexp="^\01\01\05\
\n"
add name=aim regexp="^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x"
# `.` matches any single byte, so this entry matches every connection that
# carries data. A drop rule that references it would block all such traffic in
# its chain; it is only safe as a catch-all for marking or accounting.
add name=unknown regexp=.
add name=msn-file regexp="^(ver [ -~]*msnftp\r\
\nver msnftp\r\
\nusr|method msnmsgr:)"
add name=yahoo regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
# Despite the name, this does not validate anything: it is a TLS handshake
# byte pattern followed by one of six issuer strings appearing later in the
# inspected data. It is not evidence that a certificate is valid or trusted,
# and it misses every issuer not on this short, dated list.
add name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\\.net limited)"
add name=gnucleuslan regexp="gnuclear connect/[\t-\r -~]*user-agent: gnucleus [\t-\r -~]*lan:"
add name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\
\n\$"
add name=bgp regexp="^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]"
add name=tesla regexp="\03\9A\89\"111\\.00 Beta |\E2<i\1E\1C\E9"
add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]"
add name=h323 regexp="^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05"
add name=finger regexp="^[a-z][a-z0-9\\-_]+|login: [\t-\r -~]* name: [\t-\r -~]* Directory:"
add name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\t-\r]*,[\t-\r]*[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\r\
\n|[\r\
\n])\?\$"
add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\
\n\$"
add name=hddtemp regexp="^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|"
add name=socks regexp="\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\01\03].*\05[\01-\08]\?[\01\03]"
add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$"
add name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc"
add name=smtp regexp="^220[\t-\r -~]* (e\?smtp|simple mail)"
add name=ipp regexp=ipp://
add name=msn regexp="ver [0-9]+ msnp[1-9][0-9]\? [\t-\r -~]*cvr0\r\
\n\$|usr 1 [!-~]+ [0-9. ]+\r\
\n\$|ans 1 [!-~]+ [0-9. ]+\r\
\n\$"
add name=irc regexp="^(nick[\t-\r -~]*user[\t-\r -~]*:|user[\t-\r -~]*:[\02-\r -~]*nick[\t-\r -~]*\r\
\n)"
add name=gopher regexp="^[\t-\r]*[1-9,+tgi][\t-\r -~]*\t[\t-\r -~]*\t[a-z0-9.]*\\.[a-z][a-z].\?.\?\t[1-9]"
add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]"
add name=nntp regexp="^(20[01][\t-\r -~]*AUTHINFO USER|20[01][\t-\r -~]*news)"
add name=aimwebcontent regexp=user-agent:aim/
add name=rtsp regexp="rtsp/1.0 200 ok"
add name=skype-out regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?.\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\
\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\?\t|\
\n.\?.\?.\?.\?.\?.\?.\?.\?\
\n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12.\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\
\?.\?.\?.\?\13|\14.\?.\?.\?.\?.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\?.\?.\?\1B|\
\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\".\?.\?.\?.\?.\?.\?.\?.\?\"|#.\?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\
\$|%.\?.\?.\?.\?.\?.\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|'.\?.\?.\?.\?.\?.\?.\?.\?'|\\(.\?.\?.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\?.\?.\?.\?.\?.\?.\?-|\\.\
.\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?.\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\
\?.\?7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?.\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\
\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?.\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?.\?J|K.\
\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?.\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\
\?T|U.\?.\?.\?.\?.\?.\?.\?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?.\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\^.\?\
.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?.\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\
\?g|h.\?.\?.\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?.\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\
\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\?\
.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\
\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\?.\?.\?.\?.\
\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\
\95.\?.\?.\?.\?.\?.\?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?.\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?.\?\9C|\9D.\?.\?.\?.\?.\
\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\
\A6.\?.\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?.\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\
\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?.\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\B6|\
\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\
\?.\?.\?.\?\BF|\C0.\?.\?.\?.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\?.\?.\?.\?\C7|\
\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\
\?.\?.\?.\?\D0|\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\?.\?.\?.\?.\?.\?.\?.\?\D8|\
\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\
\?.\?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?.\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\
\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\?.\?.\?.\
\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?.\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\
\FB.\?.\?.\?.\?.\?.\?.\?.\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)"
# `skype` and `skype-to-skype` (below) describe the same shape: two arbitrary
# bytes, a 0x02 byte, then a fixed run of arbitrary bytes. They differ only in
# how the 0x02 byte is escaped (`\\x02` here, `\02` there).
# NOTE(review): presumably only one of the two notations is interpreted as a
# byte value by the matcher -- confirm which before relying on either.
add name=skype regexp="^..\\x02............."
# Unanchored character class: matches any data that contains a backslash, a
# `|`, or (presumably) the byte 0xd5 anywhere in the inspected window. Expect
# it to match a large share of unrelated traffic; do not use it in a drop rule.
add name=skype2 regexp="[\\\\|\\xd5]"
# Looks for the host name rad.msn.com in cleartext. The dots are unescaped, so
# each one matches any character.
add name=skype-ads regexp="^.+(rad.msn.com).*\$"
add name=skype-to-skype regexp="^..\02............."
add name=viber regexp="^..\\x80\\x67"
add name=viber2 regexp="^([\13\1B#\D3\DB\E3]|[\14\1C\$].......\?.\?.\?.\?.\?.\?.\?.\?.\?[\C6-\FF])"
add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike"
add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.*hl2mpDeathmatch"
add name=freenet regexp="^\01[\08\t][\03\04]"
add name=battlefield2 regexp="^(\11 \01...\?\11|\FE\FD.\?.\?.\?.\?.\?.\?(\14\01\06|\FF\FF\FF))|[]\01].\?battlefield2"
add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0-9]\? \"[\t-\r -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\t-\r -~]+\")"
add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$"
add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)"
# Same regexp as the `tls` entry earlier in this listing. It recognises TLS
# handshake bytes at the start of a connection, so it tells you that a
# connection is TLS, not which application is inside it.
add name=ssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)"
add name=citrix regexp="2&\85\92X"
add name=whois regexp="^[ !-~]+\r\
\n\$"
add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.*dodDay of Defeat"
add name=teamspeak regexp="^\F4\BE\03.*teamspeak"
add name=worldofwarcraft regexp="^\06\EC\01"
add name=ventrilo regexp="^..\?v\\\$\CF"
add name=http-rtsp regexp="^(get[\t-\r -~]* Accept: application/x-rtsp-tunnelled|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*a=control:rtsp://)"
add name=thecircle regexp="^t\03ni.\?[\01-\06]\?t[\01-\05]s[\
\n\0B](glob|who are you\$|query data)"
add name=uucp regexp="^\10here="
add name=pcanywhere regexp="^(nq|st)\$"
add name=subversion regexp="^\\( success \\( 1 2 \\("
add name=imesh regexp="^(post[\t-\r -~]*<PasswordHash>................................</PasswordHash><ClientVer>|4\80\?\r\?\FC\FF\04|get[\t-\r -~]*Host: imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\
.\?.\?.\?.\?.\?.\?.\?\02(\01|\02)\83)"
add name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$"
add name=mohaa regexp="^\FF\FF\FF\FFgetstatus\
\n"
add name=stun regexp="^[\01\02]................\?\$"
add name=tor regexp=TOR1.*<identity>
add name=radmin regexp="^\01\01(\08\08|\1B\1B)\$"
# `.` matches any single byte, so this entry matches every connection that
# carries data (identical to the `unknown` entry). A drop rule that references
# it would block all such traffic in its chain.
add name=unset regexp=.
add name=chikka regexp="^CTPv1.[123] Kamusta.*\r\
\n\$"
add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\t-\r -~]*#####REPLAY_CHUNK_START#####)"
add name=armagetron regexp=YCLC_E|CYEL
add name=rtp regexp="^\\x80[\\x01-\"`-\\x7f\\x80-\\xa2\\xe0-\\xff]\?..........*\\x80"
# Same regexp as the standalone `teamviewer` entry posted earlier in this
# thread; if that one was already applied, this line duplicates the name.
# It targets a cleartext HTTP request (get/post for /dout.asp(x) or
# /din.asp(x) carrying client=dyngate). Sessions on tcp/5938 or inside TLS do
# not expose this text, so the pattern alone does not block TeamViewer.
add name=teamviewer regexp="^(post|get) /d(out|in).aspx\?.*client=dyngate"
add name=winmx regexp="\\+.*p.*get"
add name=bearshare regexp=z9.*u>p
add name=battlefield2142 regexp="^(\\x11\\x20\\x01\\x90\\x50\\x64\\x10|\\xfe\\xfd.\?.\?.\?\\x18|[\\x01\\\\].\?battlefield2)"
add name=bittorrent2 regexp="^\\x13bittorrent protocol|d1:ad2:id20:|\\x08'7P\\)[RP]|^\\x04\\x17\\x27\\x10\\x19\\x80|^get (.*)User-Agent: bittorrent|^azver\\x01\$|^get /(scrape|announce)\\\?info_hash=|^.\?.\?.\?.\?.\?.\?[0-9]_BitTorrent"
add name=bittorrent3 regexp="^get (/task/bt/.*|/task_recommend.*|/issupported )http/*[\\x09-\\x0d -~]"
add name=bittorrent4 regexp="^get (/announce.php\\\?info_hash=.*|/announce\\\?info_hash=.*|/announce.php\\\?passkey=.*|/announce\\\?passkey=.*|/\\\?info_hash=.*|/data\\\?fid=.*)http/*[\\x09-\\x0d -~]"
add name=bittorrent5 regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=)"
# NOTE(review): inside a character class `|` is a literal, so `[a|r]` and
# `[q|r]` also accept a `|` byte. `[ar]` / `[qr]` was probably intended.
add name=bittorrent-dht regexp="^d1:[a|r]d2:id20:.*:y1:[q|r]e"
# utp1..utp4 are four escaping variants of one byte sequence (7F FF FF FF AB).
# NOTE(review): presumably at most one notation reaches the regex engine as
# real byte values; the others would match literal text such as "x7F" and
# never fire. Confirm which is valid and drop the rest.
# The sequence is unanchored, so it matches wherever those five bytes occur.
add name=bittorrent-utp1 regexp="\\x7F\\xFF\\xFF\\xFF\\xAB"
add name=bittorrent-utp2 regexp="\\\\x7F\\\\xFF\\\\xFF\\\\xFF\\\\xAB"
add name=bittorrent-utp3 regexp="\\7F\\FF\\FF\\FF\\AB"
add name=bittorrent-utp4 regexp="\\\\7F\\\\FF\\\\FF\\\\FF\\\\AB"
# Anchored five-byte prefixes, written in the same `\\NN` notation as utp3.
# The same escaping question applies.
add name=bittorrent-utp5-mojiro regexp="^\\21\\00\\4C\\3F\\04"
add name=bittorrent-utp6-mojiro regexp="^\\01\\00\\4C\\3E\\C4"
add name=bittorrent6 regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=|get /announce\\\?info_hash=|ge\t\r\\n/ann\?uk=|get\r\\n/client/bitcomet/|get /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add name=edonkey regexp="^[\\xc5\\xd4\\xe3-\\xe5].\?.\?.\?.\?([\\x01\\x02\\x05\\x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x35\\x36\\x38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\x4b\\x4c\\x4d\\x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\
\\x58[\\x60\\x81\\x82\\x90\\x91\\x93\\x96\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9e\\xa0\\xa1\\xa2\\xa3\\xa4]|\\x59................\?[ -~]|\\x96....\$)"
add name=gtalk regexp="^\\x80\\x4c\\x01\\x03\\x01\\x33\\x10\\x04\\x05\\x0a\\x01\\x80\\x07.\\x03\\x80\\x09\\x06\\x40\\x64\\x62\\x03\\x06\\x02\\x80\\x04\\x80\\x13\\x12\\x63"
add name=gtalk2 regexp="^(get|post) (/mail/channel/bind\\\?|/talkgadget/popout\?.*host: talkgadget.google.com)"
add name=gtalk-file regexp="^\\x02\\xf0"
add name=gtalk-file2 regexp="^get /create_session .*x-google-relay-auth.*x-session-type .*/session/share"
add name=gtalk3 regexp=^<stream:.*gmail.com.*jabber:client
add name=gtalk4 regexp="^<stream:stream to=\"gmail\\.com\""
add name=hamachi regexp="^..\\x01\\x12"
add name=icq-file regexp="\\x82\\x22\\x44\\x45\\x53\\x54"
add name=icq-file2 regexp="^post /data\\\?.*filexfer"
add name=icq-file3 regexp=filexfer
add name=icq-login regexp="^(\\*\\x01.\?.\?.\?.\?\\x01\$)|^get /hello http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d\\ -~].*host: http\\.proxy\\.icq\\.com|^get /hello(.*)host: .*\\.icq\\.com[\\x09-\\x0d\\ -~]"
add name=rtmp regexp="^\\x03.+\\x14.+\\x02.+\\x07.(connect)\?.+(app)\?"
add name=rtmp2 regexp="^\\x03.+\\x14.+\\x02.+\\x07.(connect)\?.+(video)\?"
add name=http-itunes regexp="http/(0\\.9|1\\.0|1\\.1).*(user-agent: itunes)"
add name=http-audio regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: audio)"
add name=http-video regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\?\02\01.\?\02\01.\?0|\A4\06.+@\04.\?.\?.\?.\?\02\01.\?\02\01.\?C)"
add name=snmp-mon regexp="^\\x02\\x01\\x04.+[\\xa0-\\xa3]\\x02[\\x01-\\x04].\?.\?.\?.\?\\x02\\x01.\?\\x02\\x01.\?\\x30"
add name=snmp-trap regexp="^\\x02\\x01\\x04.+\\xa4\\x06.+\\x40\\x04.\?.\?.\?.\?\\x02\\x01.\?\\x02\\x01.\?\\x43"
add name=hotmail regexp="^get (http://.*mail\\.live\\.com/mail/|/mail/).*host: .*mail\\.live\\.com\\x0d\\x0a"
add name=gmail regexp="get (http://mail.google.com/mail/|/mail/)\?.*host: mail\\.google\\.com\\x0d\\x0a"
add name=yahoo-mail regexp="get (http://.*mail\\.yahoo\\.com/ym/login|/ym/login)\?.*host: .*mail\\.yahoo\\.com\\x0d\\x0a"
add name=yahoo-camera regexp="^(ymsg(.*)ystatus=1..47..0|ymsg(.*)49..webcaminvite)"
add name=yahoo-file regexp="^(get|post) /relay\\\?(.*domain=\\.yahoo\\.com|token=.*recver=)"
add name=yahoo-login regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[a-z]+|^post(.*)(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[a-z]+"
add name=yahoo-voice regexp="^ymsg.\?.\?.\?.\?.\?.\?.\?[j]+"
add name=guildwars regexp="^[\\x04\\x05]\\x0c.i\\x01"
add name=liveforspeed regexp="^..\\x05\\x58\\x0a\\x1d\\x03"
add name=runesofmagic regexp="^\\x10\\x03...........\\x0a\\x02.....\\x0e"
add name=teamfortress2 regexp="^\\xff\\xff\\xff\\xff.....*tfTeam Fortress"
# File-type signatures (magic bytes / header text) rather than protocols.
# None of them is anchored with `^`, so each matches wherever its bytes occur
# in the inspected data, and several are very short (`jpeg` is two bytes,
# `tar` is the word "ustar"). Expect false positives.
# They can only see files sent in cleartext and only when the signature falls
# inside the inspected start of the connection, so a transfer over TLS, or a
# file sent later in a long-lived connection, is not detected. Do not treat a
# drop rule built on these as a control that prevents executables or archives
# from entering the network.
add name=exe regexp="\\x4d\\x5a(\\x90\\x03|\\x50\\x02)\\x04"
add name=flash regexp="[FC]WS[\\x01-\\x09]|FLV\\x01\\x05\\x09"
add name=gif regexp="GIF8(7|9)a"
add name=jpeg regexp="\\xff\\xd8"
add name=pdf regexp="%PDF-1\\.[0123456]"
add name=perl regexp="\\#! \?/(usr/(local/)\?)\?bin/perl"
add name=png regexp="\\x89PNG\\x0d\\x0a\\x1a\\x0a"
add name=postscript regexp=%!ps
add name=rar regexp="rar\\x21\\x1a\\x07"
add name=rpm regexp="\\xed\\xab\\xee\\xdb.\?.\?.\?.\?[1-7]"
add name=rtf regexp="\\{\\\\rtf[12]"
add name=tar regexp=ustar
add name=zip regexp="pk\\x03\\x04\\x14"
add name=html regexp=<html.*><head>
add name=ogg regexp="oggs.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\\x01vorbis"
add name=mp3 regexp="\\x49\\x44\\x33\\x03"
add name=quicktime regexp="user-agent: quicktime \\(qtver=[0-9].[0-9].[0-9];os=[\\x09-\\x0d -~]+\\)\\x0d\\x0a"
# Both entries look for text that is only visible in cleartext HTTP; over
# HTTPS the request line is encrypted and `youtube` cannot match.
# NOTE(review): this entry writes GET in upper case while most of the listing
# uses lower-case verbs -- confirm how the matcher treats case.
add name=youtube regexp="GET (\\/videoplayback\\\?|\\/crossdomain\\.xml)"
# Unanchored host-name match; the unescaped `.` matches any character.
add name=youtube2 regexp=googlevideo.com