{"id":1001,"date":"2019-06-17T17:29:02","date_gmt":"2019-06-17T13:29:02","guid":{"rendered":"http:\/\/blog.5flor.ru\/?p=1001"},"modified":"2019-06-17T18:12:30","modified_gmt":"2019-06-17T14:12:30","slug":"%d0%b1%d0%bb%d0%be%d0%ba%d0%b8%d1%80%d0%be%d0%b2%d0%ba%d0%b0-%d1%81%d0%b0%d0%b9%d1%82%d0%be%d0%b2-%d0%be%d0%bd%d0%b0-%d0%b6%d0%b5-%d0%b1%d0%be%d1%80%d1%8c%d0%b1%d0%b0-%d1%81-%d1%82%d0%b5%d0%bb%d0%b5","status":"publish","type":"post","link":"https:\/\/blog.5flor.ru\/?p=1001","title":{"rendered":"\u0411\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u0441\u0430\u0439\u0442\u043e\u0432 \u043e\u043d\u0430 \u0436\u0435 \u0431\u043e\u0440\u044c\u0431\u0430 \u0441 \u0442\u0435\u043b\u0435\u043c\u0435\u0442\u0440\u0438\u0435\u0439"},"content":{"rendered":"\n<p>\u041f\u0440\u0438\u0447\u0438\u043d\u044b \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0441\u0443\u0442\u044c \u043e\u0434\u043d\u0430: \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u043f\u043e \u0438\u043c\u0435\u043d\u0438.<br> https:\/\/gist.github.com\/nhasbun\/c122eb7469d542d0696856e7f106e6cb<br> \u0437\u0430\u0442\u0435\u043c \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0435\u0433\u043e \u0432 \u043c\u0438\u043a\u0440\u043e\u0442\u0438\u043a. \u042d\u0442\u043e \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u043f\u043e ip \u0441\u0442\u0430\u0440\u043e \u043d\u043e \u0434\u0435\u0439\u0441\u0442\u0432\u0435\u043d\u043d\u043e.<\/p>\n\n\n\n<p><br> \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u043e \u0438\u043c\u0435\u043d\u0438:<\/p>\n\n\n\n<p>\/ip firewall layer7-protocol add name=Telemetry_microsoft<br> regexp=&#187;^.+(vortex.data.microsoft.com|vortex-win.data.microsoft.com|telecommand.telemetry.microsoft.com|telecommand.telemetry<br>   .microsoft.com.nsatc.net|oca.telemetry.microsoft.com|oca.telemetry.microsoft.com<br>   .nsatc.net|sqm.telemetry.microsoft.com|sqm.telemetry.microsoft.com.nsatc.net|wats<br>   on.telemetry.microsoft.com|watson.telemetry.microsoft.com.nsatc.net|redir.metaser<br>   vices.microsoft.com|choice.microsoft.com|choice.microsoft.com.nsatc.net|df.teleme<br>   try.microsoft.com|reports.wes.df.telemetry.microsoft.com|wes.df.telemetry.microso<br>   ft.com|services.wes.df.telemetry.microsoft.com|sqm.df.telemetry.microsoft.com|tel<br>   emetry.microsoft.com|watson.ppe.telemetry.microsoft.com|telemetry.appex.bing.net|<br>   telemetry.urs.microsoft.com|telemetry.appex.bing.net|settings-sandbox.data.microsoft.com|vortex-sandbox.data.microsoft.com|survey.watson.microsoft.com|watson.live.com|watson.mi<br>   crosoft.com|statsfe2.ws.microsoft.com|corpext.msitadfs.glbdns2.microsoft.com|com<br>   patexchange.cloudapp.net|cs1.wpc.v0cdn.net|a-0001.a-msedge.net|statsfe2.update.microsoft.com.akadns.net|diagnostics.support.microsof<br>   t.com|corp.sts.microsoft.com|statsfe1.ws.microsoft.com|pre.footprintpredict.com|<br>   i1.services.social.microsoft.com|i1.services.social.microsoft.com.nsatc.net|feedb<br>   ack.windows.com|feedback.microsoft-hohm.com|feedback.search.microsoft.com|rad.msn.com|preview.msn.com|ad.doubleclic<br>   k.net|ads.msn.com|ads1.msads.net|ads1.msn.com|a.ads1.msn.com|a.ads2.msn.com|adne<br>   xus.net|adnxs.com|az361816.vo.msecnd.net|az512334.vo.msecnd.net|windowsupdate.microsoft.com|update.microsoft.com|windowsupdate.com|download.microsoft.com).*$&#187;<\/p>\n\n\n\n<p>\u041d\u0435 \u0432\u0441\u0435\u0433\u0434\u0430 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043d\u0441\u043e\u043b\u044c. \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0447\u0435\u0440\u0435\u0437 \u0432\u0435\u0431 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441.<br><\/p>\n\n\n\n<p>\u0422\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u0430\u0432\u0438\u043b\u0430:<br> ip firewall filter add chain=forward action=reject reject-with=tcp-reset protocol=tcp layer7-protocol=Telemetry_microsoft<br>   ip firewall filter add chain=forward action=drop protocol=udp layer7-protocol=Telemetry_microsoft<\/p>\n\n\n\n<p>\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0439 \u0432 \u0442\u0430\u0431\u043b\u0438\u0446\u0435 \u043d\u0438\u0436\u0435:<\/p>\n\n\n\n<table class=\"wp-block-table\"><tbody><tr><td><strong>AIM:<\/strong><\/td><td>^(\\*[\\x01\\x02].*\\x03\\x0b|\\*\\x01.?.?.?.?\\x01)|flapon|toc_signon.*0x<\/td><\/tr><tr><td><strong>Bittorrent:<\/strong><\/td><td>^(\\x13bittorrent protocol|azver\\x01$|get \n\/scrape\\?info_hash=get\/announce\\?info_hash=|get \n\/client\/bitcomet\/|GET\/data\\?fid=)|d1:ad2:id20:|\\x08\u20197P\\)[RP]<\/td><\/tr><tr><td><strong>Counterstrike Source:<\/strong><\/td><td>^\\xff\\xff\\xff\\xff.*cstrikeCounter-Strike<\/td><\/tr><tr><td><strong>DHCP:<\/strong><\/td><td>^[\\x01\\x02][\\x01- ]\\x06.*c\\x82sc<\/td><\/tr><tr><td><strong>DNS:<\/strong><\/td><td>^.?.?.?.?[\\x01\\x02].?.?.?.?.?.?[\\x01-?][a-z0-9][\\x01-?a-z]*[\\x02-\\x06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\\x01-\\x10\\x1c][\\x01\\x03\\x04\\xFF]<\/td><\/tr><tr><td><strong>eDonkey:<\/strong><\/td><td>^[\\xc5\\xd4\\xe3-\\xe5].?.?.?.?([\\x01\\x02\\x05\\x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x35\\x36\\x38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\x4b\\x4c\\x4d\\x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\x58[\\x60\\x81\\x82\\x90\\x91\\x93\\x96\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9e\\xa0\\xa1\\xa2\\xa3\\xa4]|\\x59\u2026\u2026\u2026\u2026\u2026.?\n [ -~]|\\x96\u2026.$)<\/td><\/tr><tr><td><strong>FTP:<\/strong><\/td><td>^220[\\x09-\\x0d -~]*ftp<\/td><\/tr><tr><td><strong>HTTP:<\/strong><\/td><td>http\/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] \n[\\x09-\\x0d \u2013~]*(connection:|content-type:|content-length:|date:)|post \n[\\x09-\\x0d -~]* http\/[01]\\.[019]<\/td><\/tr><tr><td><strong>IRC:<\/strong><\/td><td>^(nick[\\x09-\\x0d -~]*user[\\x09-\\x0d -~]*:|user[\\x09-\\x0d \u2013~]*:[\\x02-\\x0d \u2013~]*nick[\\x09-\\x0d -~]*\\x0d\\x0a)<\/td><\/tr><tr><td><strong>Jabber:<\/strong><\/td><td>&lt;stream:stream[\\x09-\\x0d ][ -~]*[\\x09-\\x0d ]xmlns=[&#8216;&#187;]jabber<\/td><\/tr><tr><td><strong>NTP:<\/strong><\/td><td>^([\\x13\\x1b\\x23\\xd3\\xdb\\xe3]|[\\x14\\x1c$]\u2026\u2026.?.?.?.?.?.?.?.?.?[\\xc6-\\xff])<\/td><\/tr><tr><td><strong>POP3:<\/strong><\/td><td>^(\\+ok .*pop)<\/td><\/tr><tr><td><strong>SIP:<\/strong><\/td><td>^(invite|register|cancel|message|subscribe|notify)sip[\\x09-\\x0d -~]*sip\/[0-2]\\.[0-9]<\/td><\/tr><tr><td><strong>Samba:<\/strong><\/td><td>\\xffsmb[\\x72\\x25]<\/td><\/tr><tr><td><strong>SMTP:<\/strong><\/td><td>^220[\\x09-\\x0d -~]* (e?smtp|simple \nmail)userspacepattern=^220[\\x09-\\x0d -~]* (E?SMTP|[Ss]imple \n[Mm]ail)userspace flags=REG_NOSUB REG_EXTENDED<\/td><\/tr><tr><td><strong>SNMP:<\/strong><\/td><td>^\\x02\\x01\\x04.+([\\xa0-\\xa3]\\x02[\\x01-x04].?.?.?.?\\x02\\x01.?\\x02\\x01.?\\x30|\\xa4\\x06.+\\x40\\x04.?.?.?.?\\x02\\x01.?\\x02\\x01.?\\x43)<\/td><\/tr><tr><td><strong>Socks:<\/strong><\/td><td>\\x05[\\x01-\\x08]*\\x05[\\x01-\\x08]?.*\\x05[\\x01-\\x03][\\x01\\x03].*\\x05[\\x01-\\x08]?[\\x01\\x03]<\/td><\/tr><tr><td><strong>SSH:<\/strong><\/td><td>^ssh-[12]\\.[0-9]<\/td><\/tr><tr><td><strong>SSL:<\/strong><\/td><td>^(.?.?\\x16\\x03.*\\x16\\x03|.?.?\\x01\\x03\\x01?.*\\x0b)<\/td><\/tr><tr><td><strong>Telnet:<\/strong><\/td><td>^\\xff[\\xfb-\\xfe].\\xff[\\xfb-\\xfe].\\xff[\\xfb-\\xfe]<\/td><\/tr><tr><td><strong>Tor:<\/strong><\/td><td>TOR1.*&lt;identity&gt;<\/td><\/tr><\/tbody><\/table>\n\n\n\n<p><em>\u00a0\u00a0 <\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u041f\u0440\u0438\u0447\u0438\u043d\u044b \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0441\u0443\u0442\u044c \u043e\u0434\u043d\u0430: \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u043f\u043e \u0438\u043c\u0435\u043d\u0438. https:\/\/gist.github.com\/nhasbun\/c122eb7469d542d0696856e7f106e6cb \u0437\u0430\u0442\u0435\u043c \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0435\u0433\u043e \u0432 \u043c\u0438\u043a\u0440\u043e\u0442\u0438\u043a. \u042d\u0442\u043e \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0430 \u043f\u043e ip \u0441\u0442\u0430\u0440\u043e \u043d\u043e \u0434\u0435\u0439\u0441\u0442\u0432\u0435\u043d\u043d\u043e. \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u043e \u0438\u043c\u0435\u043d\u0438: \/ip firewall layer7-protocol add name=Telemetry_microsoft regexp=&#187;^.+(vortex.data.microsoft.com|vortex-win.data.microsoft.com|telecommand.telemetry.microsoft.com|telecommand.telemetry .microsoft.com.nsatc.net|oca.telemetry.microsoft.com|oca.telemetry.microsoft.com .nsatc.net|sqm.telemetry.microsoft.com|sqm.telemetry.microsoft.com.nsatc.net|wats on.telemetry.microsoft.com|watson.telemetry.microsoft.com.nsatc.net|redir.metaser vices.microsoft.com|choice.microsoft.com|choice.microsoft.com.nsatc.net|df.teleme try.microsoft.com|reports.wes.df.telemetry.microsoft.com|wes.df.telemetry.microso ft.com|services.wes.df.telemetry.microsoft.com|sqm.df.telemetry.microsoft.com|tel emetry.microsoft.com|watson.ppe.telemetry.microsoft.com|telemetry.appex.bing.net| telemetry.urs.microsoft.com|telemetry.appex.bing.net|settings-sandbox.data.microsoft.com|vortex-sandbox.data.microsoft.com|survey.watson.microsoft.com|watson.live.com|watson.mi crosoft.com|statsfe2.ws.microsoft.com|corpext.msitadfs.glbdns2.microsoft.com|com &hellip; <a href=\"https:\/\/blog.5flor.ru\/?p=1001\">\u0427\u0438\u0442\u0430\u0442\u044c \u0434\u0430\u043b\u0435\u0435 <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-1001","post","type-post","status-publish","format-standard","hentry","category-mikrotik"],"_links":{"self":[{"href":"https:\/\/blog.5flor.ru\/index.php?rest_route=\/wp\/v2\/posts\/1001"}],"collection":[{"href":"https:\/\/blog.5flor.ru\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.5flor.ru\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.5flor.ru\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.5flor.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1001"}],"version-history":[{"count":0,"href":"https:\/\/blog.5flor.ru\/index.php?rest_route=\/wp\/v2\/posts\/1001\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.5flor.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.5flor.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.5flor.ru\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}