author尹姜谊 <[email protected]>2024-11-06 10:58:54 +0800
committer尹姜谊 <[email protected]>2024-11-06 10:58:54 +0800
commitee5a5dba40817632ed32d8d86313bb45def60100 (patch)
treead92d76315b42a733be9a6a99a03657a820c5f9b /config24.01.yaml
parent3f3ec89b7b58945cd43b8a41f28432336a51361d (diff)
修改:Turbo VPN新增www.myanmar.com识别特征24.02
Diffstat (limited to 'config24.01.yaml')
-rw-r--r--config24.01.yaml2
1 files changed, 1 insertions, 1 deletions
diff --git a/config24.01.yaml b/config24.01.yaml
index 40dccdd..9439093 100644
--- a/config24.01.yaml
+++ b/config24.01.yaml
@@ -132,7 +132,7 @@ turbovpn:
plugin_name: turbovpn
object_type: ip
confidence: confirmed
- sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (app_transition LIKE '%Turbo_Payload%') UNION ALL select server_ip from {$db_name}.{$table_name} WHERE {$time_filter} AND (server_port in (66, 109, 8080, 97, 94, 92, 21, 25, 110, 119, 2000, 2001))  AND decoded_as='BASE' and sent_bytes<1000 AND received_bytes<1000 and sent_pkts<10 and received_pkts<10 and server_asn in ('14061', '21859', '9009', '212238', '16276', '40021', '20473', '174', '138915', '12876') group by server_ip having count(*) >=10
+ sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (app_transition LIKE '%Turbo_Payload%') group by server_ip UNION ALL SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (server_fqdn ='www.myanmar.com') group by server_ip UNION ALL select server_ip from {$db_name}.{$table_name} WHERE {$time_filter} AND (server_port in (66, 109, 8080, 97, 94, 92, 21, 25, 110, 119, 2000, 2001))  AND decoded_as='BASE' and sent_bytes<1000 AND received_bytes<1000 and sent_pkts<10 and received_pkts<10 and server_asn in ('14061', '21859', '9009', '212238', '16276', '40021', '20473', '174', '138915', '12876') group by server_ip having count(*) >=10
geckovpn:
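Review bot: The new middle branch of the `sql` value reports every `server_ip` seen with `server_fqdn ='www.myanmar.com'` on that single condition, while the rule stays at `confidence: confirmed` and the third branch requires port, size, ASN and `count(*) >=10` conditions before it reports an IP. If that hostname is also served from shared or CDN addresses, or is only a client-supplied name, unrelated IPs would be labelled Turbo VPN; this page does not show which is the case, so it is worth confirming against sample traffic. Consider adding a corroborating condition to the branch, for example `AND (server_fqdn ='www.myanmar.com') AND server_asn in (...)` reusing the ASN list already in the query, or moving the hostname match to a separate entry with a lower confidence. The branches are still joined with `UNION ALL`, so the added `group by server_ip` deduplicates only within a branch and an IP matching two branches is returned twice; a distinct union would deduplicate across them if that is the intent. The turbovpn entry begins above the hunk, so its other fields are not visible here.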