AM
IBR SaaS enabled
UPPS SaaS enabled
Version 1.0
AM
1. AM
1-1 AM
2. AM
2-1
2-2
2-3
2-4
3. AM
3-1 AM
3-2 AM
3-3 AM
3-4
3-5
3-6
3-7
4.
4-1
4-2
4-3
4-4
4-5
4-6
4-7
4-8
4-9
4-10
4-11
4-12
4-13 FTP
4-14 TELNET
4-15 HTTPS
4-16
4-17
5.
5-1
5-2
5-3
5-3-1
5-3-2 Bypass
5-3-3 IP
5-3-4
5-3-5 IP
5-4
5-4-1
5-4-2
5-4-3
5-4-4
5-4-5
5-4-6
5-4-7
5-5
5-5-1
5-5-2
5-5-3
5-5-4
5-6
5-6-1
5-6-2
5-6-3 QQ
5-6-4 MSN
5-6-5
5-6-6 YAHOO
5-6-7 FTP
5-6-8 HTTPS
5-6-9 TELNET
5-6-10
5-7
5-7-1
5-7-2
5-8
5-9
5-9-1
5-9-2
5-9-3
5-9-4
5-9-5
5-10
5-11
6.
6-1
6-1-1 IP
6-1-2 LDAP
6-1-3
6-2
6-2-1 ROOT
8-4-3
8-4-4
8-4-5
8-4-6
8-5
8-5-1
8-5-2
8-5-3
8-5-4
8-5-5 Web
8-5-6 ARP
8-5-7
8-5-8
8-5-9
8-5-10 IP
8-6
9.
9-1
9-2 URL
9-3
1 AM
2
3 URL
4
5 MIME
6 AD
7 AD
8
9.
1.
AM
1-1 AM
AMAM
IT
43 10 URL
1300 URL 300
200
DCI P2P
80 web
IMBBSHTTPSTelnetFTP
2.
AM
AM
AM
2-1
AM/
2 1
AM IP AM IP
192.168.1.23/255.255.255.0
AM AM
/ IP 192.168.1.254
AMWeb
https://AM IP https://192.168.1.23
Web https http
2-2
AM
2 2
1 IP AM IP
192.168.1.23/255.255.255.0
2 IP AM IP
1 IP 192.168.10.23.
AM / IP
192.168.1.254
1. AM
AM
2.
3.
AM Web
https://AM IP https://192.168.30.23 8-3-1
4.
https://192.168.1.23
2-3
NAT
2 3
AM IP IP IP 10.10.10.1
AM IP
AM
1. AM
2. ADSL
3. 8-3-3-3
2-4
2 4
AM ::
AM
IP IP 192.168.1.23
AM AM IP IP
192.168.30.254 PC
IP IP
AM web IP IP
IP
3.
AM
3-1 AM
AM
AMIP192.168.1.23PC
IP192.168.1.10
PC https://192.168.1.23 https
httpAM
3 1
AMadminsinohigh
AM
1.
2. IP 15
AM
3-2 AM
AM
3 2AM
AM
AM
FTP
TELNET
HTTPS
3-3 AM
AM5
AM
Web
P2P
IP
IP
LDAP
AM
AM
3-4
AMIP
DNSAM8-3-2
3-5
AM
8-4-3-1
3-6
AM AM
3-7
AM
3 3
Web
4.
4-1
4 1
60
QQMSN
YAHOO
FTP FTP
FTP
TELNET TELNET
TELNET
HTTPSHTTPS
HTTPS
MSNFTP
200
FTP
TELNET HTTPS
4-2
AM
4 2
AMAM
4 3 -
AM
CPU CPU
AM
URL URL
AM
24AM
AM
bpsKbps
Mbps
4 4 -
24
24 1 30
AM
bps Kbps
Mbps
AM
AM
1 AM
1 2
AM
AM
4 5 -
AM
8-4
AM
AM
4 6
4-3
4 7
AM
4 8 -
AM
5 5
4 9 -
AM
AM
1 AM
1 2
60
60 30 10
AM
bps Kbps
Mbps
4 10 -
10
4 11 -
10
20 50 10
URL
4 12 -
10 20 50 10
4 13
1 news.sina.com.cn
games.sina.com.cn sina.com.cn
4-4
4 14
AM
IP
6-4-1
IP IP
KB
MAC
MAC
MAC
IP WEB LDAP RADIUS
1. 8-4-1-1
2.
3. IP ,
IP IP IP
IP
4 15
4 16 -
MAC
4 17 -
IP IP IP
() CTRLSHIFT ()
()
AM
4 18 -
4 19 -
4 20 -
4 21
20
4-5
4 22
AM
4-4
24
5-9-4
5-3-5 IP
IP
IP IP
KB
KB
KB KB
4 23
5103060
4-4
4-6
AM
4 24
AM
AM
4-7
AM
4 25
AM
IP IP
IP IP
KB
KB
4 26 -
5-5-1
1 AM
2.
and
4-4
4 27 -
200
4-8
AM
5-3-1
5-5-4-1
4 28
AM
IP IP
Web
4 29 -
4 30 -
40 AM
and
1.
2. & |
3.
4.
*
4-4
4 31 -
4-4
4-9
4 32
4-4
IP IP
4 33 -
4 34 - 2
5-5-4-2
and
4-4
4-10
4 35
4-4
POP3
IP () POP3
IP ()
IP IP
Mail Webmail Webmail SMTP
SMTP POP3 POP3 IP
pop3smtp webmail
4 36 -
4 37
KB KB
Email Webmail
SMTP POP3
4-4
1.
2. & |
3.
4.
*
4-11
4 38
QQMSNYahoo
4-4
IP ()
IP IP
MSN
4 39 -
&
|
!
()
MSNQQYahoo
4-4
5-6
4-12
4 40
4-4
Post
Post IP ()
Post URL
4 41 -
Post AM
4 42 -
1.
2.
3.
a.
b. & |
4-4
5-6-10
4-13 FTP
FTP
FTP
4 43 FTP
FTP
4-4
FTP
FTPFTP
4 44FTP -
IP~ IP 192.168.192.168
168
AM FTP
FTP
4-4
4-14 TELNET
TELNET
TELNET
4 45TELNET
TELNET
4-4
TELNET
TELNETTELNET
4 46TELNET -
TELNET
IP192.168.192.168168
4-4
4-15 HTTPS
HTTPS
HTTPS
HTTPS
4 47HTTPS
HTTPS
4-4
HTTPS
HTTPSHTTPS
4 48 HTTPS -
4-4 HTTPS
4 49 HTTPS -
4-4
4-16
MSNFTPHTTP
4 50
MSNFTPHTTP
4-4
4 51 -
KB
SMTPFTPMSNHTTP
4-4
4-17
4 52
4-4
IP
4 53 -
4-4
4-4
5.
AM
AM
5-1
5 1
AM
AM
AM
P2PFTP
QQFTP
IP
WhoWhenWhat
Action
Who
6.
When
What
Action AM
9001800
WhoWhenWhat
/AM
Web
5 2
5 3 1
5 4 2
5-2
AMAM
AM
IPAM
5 5
IP
2
5 6
IP IP IP
5 7
1. 10
2. AM IP
IP
3. IP IP
4.
Bypass IP IP
IP 192.168.1.1 192.168.1.200 IP
192.168.1.222 192.168.1.222
5-3
AM
5 8
BypassBypassAM
IPIPAM
AM
IPIPIP
AM
Bypass IP IP
5-3-1
Web
5 9
/
URL ,""
URL
www.google.cn
sina.com.cn
baidu.com
1 URL
1 URL
2 URL
5-3-2 Bypass
Bypass
AMBypass
5 10 Bypass
bypass
Bypass
Bypass
Bypass
1.Bypass
Bypass sina.com.cn
www.sina.com.cn news.sina.com.cn sports.sina.com.cn sina.com.cn
2.Bypass
3. bypass AM DNS PC
AM DNS
5-3-3 IP
AMAM
5 11 IP
IP IP
IP
IP
IP
IP
IP IP
IP
1. IP 255.255.255.255
2. 5-4-5
3. IP IP
IP
5-3-4
1
2
5 12
5-4-1
QQ
MSN YAHOO FTP TELNET HTTPS
HTTP
5 13
5
6
1.
2.
3.
IP
IP IP IP
4.
5.
6.
> IP>
5-3-5 IP
AMIPIPIP
IPIP
IP
IP
IPIP
IP
IPIP
IP
5 14 IP
IP
IP
IP IP
IP
1. IP 50 IP
2. 5-9-4
5-4
5 15
6.
5-4-1
AM
5 16
5 17
5-4-2
URL
4310
URL
5 18
AM
AM
5 19
1200 URL 43 10
web
1
news.sina.com.cn news.sina.com.cn
2
sina.com.cn sina.com.cn
www.sina.com.cn news.sina.com.cn sports.sina.com.cn
news.163.com
news.google.comnews.google.com
news.google.com
2
2
AM
5 20
txt
linux .txt
www.redhat.com
www.kernel.org
www.gnome.org
1 URL
URL news.sina.com.cn/2006
news.sina.com.cn/2006
2 URL
URL sina.com.cn sina.com.cn
news.sina.com.cn sports.sina.com.cn
5 21
5-4-3
Web
5 22
5 23
5-4-4
AM
5 24
5 25
MIME MIME
MIME
MIME 5
3
5-4-5
5 26
AM
1 kbps
/
///
AM1GAM
10M AM10M
5 27
AM
1G
5-24[]
5 28
//
5 29
//
//
///
1.
2.
AM
5 30
//
2
0.
5-4-6
AM200
AM
5 31
5 32
5 33
TCPUDP
IP
IP IP 192.168.30.100192.168.30.200/101-110
4
5 34 -
1.
2. 100
5-4-7
5 35
5 36
windows
CCProxy CCProxy.exe CCProxy.exe
CCProxy
CCProxy
CCProxy.iniCCProxy.ini
1 5 35
5 37
2+
5 38
e:\demo.txt
MD5
3
MD5
1 5 35
5 39
2+
5 40
WindowsXP regedit
PC
HKEY_LOCAL_MACHINE
5 41
Yahoo
\software\yahoo\pager
ProductVersion
REG_SZ
8.3.0.2
3
WindowsXPSP2
1 5 35
5 42
2+
5 43
SP ServicePack
3
1. SP SP
2. SP PC
SP
1 5 35
5 44
2+
5 45
windows
360 360tray.exe360tray.exe
1.
2. PC
5-5
HTTP
5 46
FTP
HTTP HTTP
5 47
HTTP
5 49
5-5-1
AM15VoIP
SessionGamesIMP2PHTTP
5 48
5-4-1
0
AM 200
5 49
() CTRLSHIFT ()
1. 6.
2.
5-5-2
5 50
AM 200
1 AM
1 AM
5-5-1
2
3
5-5-3
FTP
5-4-5
1
2
5 51
AM 200
FTPDNS FTP
5-5-1
1.
2.
5 52
1
2. IP IP TCP/UDP/ICMP
5-5-4
HTTP
5-5-4-1
AM
mp3http
5 53
CPU
4-8
1.
2 HTTP
3.
HTTP
HTTP
HTTP
2 5-5-1
+
1
AM
+
5-4-2
2
AM
+
5-4-3
3
AM
+
5-4-4
5 54 -Web
HTTP
HTTP
HTTP
/ /
2
2
3
3
AM
5-5-4-2
1
1
5 55 WEB
AM
OR AND AND
OR
5 56
5-5-1
2
2
6-2
5-4-1
5-5-4-3 HTTP
HTTP
HTTP
1HTTP
1
5 57 HTTP
AM
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP HTTP
5-5-1
2
2
Http 1000kb
doc
>= 1000
http doc 1000kb
1000kb
http
5-6
QQMSNYAHOO
FTPTELNETHTTPS
5 58
AM
AM
IE
5-6-1
AMSMTP
YahooSohu163126HotmailTomSinaGmailQQmailexcite
gooinfoseeklivedoorWebmailWebmail
AM
1
1
5 59
5-5-1
SMTP
SMTP SMTP
SMTP
1. <= 50KB
50KB
2. >=<= 100KB
100KB
3.
SMTP 6 OR AND AND
SMTP 6 OR
1. ,
2.
1. 8-4 -22
2. ;
,
2
2
1.
2. KB 10240KB 307200KB 300M
5-6-2
AMPOP3
POP3
1
1
5 60 POP3
5-5-1
POP3
POP3 POP3
POP3 POP3
POP3
1. ,
2.
1. 8-4 -22
2. ;
,
2
2
5-6-3 QQ
QQ
5 61 QQ
QQAM
QQ QQ
QQ
1. 5-5-1
2. 6-4
3. QQ QQ2009
5-6-4 MSN
AMAM Windows
Messenger, MSN Messenger, Windows Live MessengerMSN
MSN
MSN
1MSN
1
5 62 MSN
MSN 5-5-1
AM
MSN
MSN
MSN
AM
ab MSN ab
4
1.
2. MSN
3. AM MSN 9.0
MSN MSN
MSN
MSN
MSN
.*\.doc$ doc
4
OR AND
AND OR
MSN MSN
1. ,
2.
1. 8-4 -22
2. ;
,
2
2
3
3
1. MSN
2. MSN
MSN
MSN
MSN
MSNMSN
MSN
MSN
MSN
abc@hotmail.com
abc@hotmail.com
abc@hotmail.com
5-6-5
AMAM
5-6-6 YAHOO
AMAMYAHOO
YAHOO web Messenger
YAHOO
5-6-7 FTP
FTPFTPFTP
FTPFTP
1FTP
1
5 63 FTP
6.4.1
FTP
FTP FTP
4
FTP
FTP
4
2
2
1. FTP
2. KB 10*1024KB 300*1024KB
5-6-8 HTTPS
HTTPSSSL/TLShttp
https
httpshttps
HTTPS
1HTTPS
5 64 HTTPS
HTTPS 5-5-1
HTTPS
HTTPS HTTPS
https
https
https AM
https AM AM
https AM AM
https
VeriSign Class 3 Extended Validation SSL SGC CA
5 65
112
1000
mybank.icbc.com.cn
Https
https
HTTPS
HTTPS
2
2
5-6-9 TELNET
TELNETTELNET
TELNETTELNET
1TELNET
1
5 66 TELNET
TELNET
5-51
TELNET TELNET TELNET
TELNET AM
TELNET IP
2
2
3
3
1. Telnet Windows
2. BBS Telnet
5-6-10
HTTPPostBBS/
Post
1
1
5 67
5-5-1
BBS
1 URL
URL news.sina.com.cn/2006 news.sina.com.cn/2006
2
2
3
3
1
2
8-4-2-2
5-7
5-7-1
5 68
5 69
5-5-1
5-5-1
//
+
5-4-7
3
4
5
6
7
+
8
9
6-4-1
10
5-7-2
5 70
5-5-1
5-5-1
5-4-7
2
3
4
+
5
6
5-8
1
1
5 71
//
2/
5 72
/
/ kbps
5-9
AM
ARPAM
5 73
IP
5-9-1
5 74
AM Web ARP
ARP
10
1.
2.
1 200
2
IP/MAC IP/MAC
IP
000
IP
IPMAC
5-9-2
AM
IP
1.
2.
3 .
IPIP
1
1
5 75
IP IP
// AM
// AM
KB/
KB/
KB/ AM
//
// AM 40
5 76
2IPIP
2
3
3
5 77
AM
AM
IP
____
____
____ IP
IP
IP
1.
2 .
5-9-4
3 .
5 78
1.
2. UltraEdit
3. 65535
4
4
5
5
6
6
1. 8.
2.
5 79
AM 7
5-9-3
AM
IP
1.
2.
3.
1
1
5 80
// AM
KB/
KB/
KB/ AM
AM TCP
IP AM IP
2
5 81
3
3
4
4
1. 1 4
2 . KB/ KB/S
3 . 64
5
5
5 82
AM 7
5-9-4
000
IP
IP
1
IP
5 83
1. IP 192.168.30.252. IP IP
2. IP IP
IP IP
2IP
IP
IP
1/IPMACIP
2*
IP
5-9-5
AM
Web
1
1
5 84
Web Web
2
2
3AM
3
1.
2.
5-10
Web
Web
5 85
5 86
5 87
1
2. 100k
3 jpg jpeg gif png bmp
4
-USER-:
-IP- IP
-URL- url
-REASON-:
-DETAILED_REASON-:
5-11
1
1
5 88
IP IP Bypass
IP IP
IP
IP IP
IP
2
2
IP
IP IP
6.
AM
AM
AM
6 1
IP
6-1
AM AM
IP LDAP
6-1-1 IP
AMIPIPIP
6 2 IP
6-1-1-1 IP
IPIP
1IPIP
1
6 3 IP
IP IP IP
MAC
192.168.10.11 00:14:78:23:C6:5E
192.168.10.12 00:13:20:4D:AA:28
192.168.10.13 00:36:A3:EF:82:1D
1.MAC
2.IP MAC
3.
2
2
6 4 -IP -
IP MACIP MAC
MACMAC
IPIP
AM IP
6-2
AM
3
3
4
4
56.2
5
6-1-1-2 IP
IPIP
1
1
6 5 IP
AM IP
2
2
6 6
IP
IP IP
SNMP
3
3
AM
AM MAC
PC MAC
4IPIPIP
4
IP192.168.10.1-192.168.30.255
5
5
6
6
6 7 IP
7
7
6 8 IP -
IP
AM IP
MAC
8
8
9
9
10
10
10 6-2
1
1
2txtIP
2
192.168.1.10
192.168.10.12-192.168.10.155
192.168.30.68-192.168.40.255
3AM
3
IPIPPCMAC
6-1-2 LDAP
LDAPLDAP
LDAP
6 9 -LDAP -
LDAP LDAP
AM
LDAP
LDAP
LDAP
6-1-2-1
LDAP LDAP
AM LDAP
1LDAP
1
6 10 -LDAP -
LDAP LDAP
LDAP
LDAP LDAP IP
LDAP 389
BaseDN
BaseDN
BaseDN
[ ou= 2 ou=1 dc=N dc=2 dc=1 ]
LDAP eng.qa2000 1 com \eng.qa2000\com
qatest AM
ou=qatest,dc=eng,dc=qa2000 eng.qa2000
dc=eng,dc=qa2000
LDAP
LDAP
AD LDAP
2LDAPLDAP
2
LDAP
6 11 -LDAP -
1. LDAP
2. 10 LDAP
6-1-2-2
LDAP LDAP
LDAP
1LDAPLDAP
1
2LDAP
2
6 12 -LDAP -
1. LDAP
2. LDAP LDAP
LDAP
LDAP
3
3
4
4
5
5
1. LDAP
2. LDAP AM
6-1-2-3
LDAP
LDAP
1LDAP
1
2LDAP
2
6 13 LDAP
3LDAPLDAP
3
4
4
5
5
6
6
1. LDAP
2. LDAP
6-1-2-4
LDAP AM LDAP
LDAP
1LDAPLDAP
1
6 14 -LDAP -
2
2
3
3
LDAP
6-1-3
1txtcsv
1
IPMAC
IPMAC
web
Web
txt csv
Txt MAC :
6 15 - txt
6 16 - csv
2
2
txtcsv
6 17 -
3
3
6 18 -
IP
MAC
4
4
5
5
6-2
AM Web
MAC
SOCKS
6 19 -
ROOT IP
ROOT
ROOT ROOT
/ IP/MAC
6-2-1 ROOT
ROOTROOT
6-2-1-1
ROOT
ROOTROOT
6 20
AM
6-2-1-2
1
1
6 21
2
2
3
3
6-2-1-3 IP
IPIPIP
IPIPIP
IP
1
1
IP
6 22 IP
IP IP IP
IP IP IP
1.IP IP
2.
2
2
3IP192.168.40.100IP192.168.40.200
3
FTPIP192.168.40.186
1. IP IP 6-4-1-2
IP
2. IP IP
6-2-1-4
1
1
6 23
6-2-1-2
2
2
6 24
3
3
6 25 1
4-
4
6 26 2
1.
2.
3.
4.
5
5
6-2-1-5
IP
1
1
6 27
6-2-1-4
AM
IP IP
MAC MAC
IP MAC
IP/IP
6-2-1-7 IP/
IP/ MAC IP MAC IP MAC
IP
MAC IP IPMAC
IPMAC AM
IP/MAC
6-4
AM
SOCKS
SOCKS SOCKS
SOCKS SOCKS 8-4-1-2
6-2-1-2
3
3
4
4
6-2-1-6
IP
1
1
6 28
IP
IP IP IP IP
6-2-1-5
3
3
4
4
6-2-1-7 IP/
AMIP
AM Microsoft ISA IP
AM IP
IP 192.168.196.11 IP
192.168.196.21
IP 192.168.196.11 Web
1. IP/
2. IP IP/
3. IP IP/
IP
6-2-1-8 IP/MAC
AMIPMACIPMAC
IPMACIP192.168.196.11 00:11:22:33:44:55 MAC 11:22:33:44:55:66
IP192.168.196.11MAC00:11:22:33:44:55IP
192.168.196.21
1. IP/MAC
2. IP IP/MAC
3. IP IP/MAC IP
MAC
4 . IP/MAC IP/
IP/MAC
1. MAC IP
2. IP IP
3. IP/MAC IP/MAC
IP/MAC
1 IP/MAC
2 IPMAC
3 MAC IP AM
IP
6-2-1-9 SOCKS
SOCKSSOCKS
SOCKS
SOCKSAMAM
AMSOCKSSOCKS
AMSOCKS
1
2 web socks
SOCKS
3 SOCKS
4 SOCKS
5 AM AM
6 AM
SOCKS 8-4-1-2
6-2-2 IP
ROOTIP
ROOT
ROOT
IP ROOT IP
IP ROOT IP
6-3
1
1
6 29
IP IP
MAC MAC
2
2
6 30
3
3
Excel
6-4
AMAMAM
6 31
WEBWEB
6-4-1
AM
6 32
AM
AM IP
AM IP HTTP MAC
AD
QQ
QQ AD
WEB AM
WEB WEB LDAP RADIUS
6-4-1-1
6 33
AD
PC
PC
IP MAC
AM
http
http
MSNQQ
http
AM
MAC
MAC MAC
PC
IP PC
AM
AM AM
AM AM
IP
IP
AD
WEB
WEB
WEB
AM WEB LDAP RADIUS
6-4-1-2 IP
AMIPIPIP
IP
IP
ROOT
IP IP
6-4-1-3 HTTP
HTTP
AMIP
HTTP
HTTPNTLMBASIC
HTTP
6 34HTTP
NTLM
NTLM
NTLM
NTLMNTLAN ManagerNTLMAM
AMHTTPIP
IP-
IP-
1 NTLM
2 NTLM
3 HTTP AM
NTLM
4
IEweb
1. ISA NTLM
2. NTLM
HTTP
3.
BASIC
BASIC
BASIC
BASIC
AMBASIC
NTLM
BASIC
AMBASICAM
AMBASIC
AM
8-4-1
2 HTTP
3 HTTP
BASIC
4
5 HTTP
6
IEweb
1. BASIC
HTTP
2.
6-4-1-4 MAC
IPMACMACIP
MAC
MAC
ROOT MAC
IP IP MAC
6-4-1-5
Single Sign On
AM
AM
AM
AM
AM
POP3 Kerberos PPPOECAMS
AD
6 35
POP3
POP3
POP3
POP3AM
1
2 POP3
3 IP 211.100.26.54
mail.sina.com
IP
4 110
POP3
5
6
7
POP3AM
6 36 -POP3
1. AM
IP
2. ROOT
ROOT
3.
IP IP
Kerberos
Kerberos
Kerberos
ADKerberosKerberos
AM
1
$ AM
2 6 35 Kerberos
3 IP 192.168.30.252:88
eng.qa2000:88 192.168.30.252
88
4
5
6
AMIP
6 36
1. ROOT
ROOT
2.
IP IP
PPPOE
PPPOE
PPPOE
PPPOEPoint-to-Point over EthernetPPP
PPP
PPPOE
1 PPPOE
2 6 35 PPPOE
3
6 37 PPPOE
4 PPPOE
5
6
PPPOE AMIP
6 36
1. ROOT
PPPOE ROOT
2.
IP IP
PCDHCP
IPIPPC
PC
1 6 35
2
AMPC
6 38
1.
2.
+MAC
PC
MAC
CAMS
CAMS
CAMS
CAMS
AMCAMSCAMSCAMS
AMCAMSAM
AD
AD
AD
KerberosADAD
ADwindowsAPI
ADAD
6-4-1-6 AD
ADWindowsADAMAM
ADAMAD
QQQQAMQQ
17.AD
1
2LDAPLDAP
2
ADAD
3AD
3
6 39 AD
4IP
4
AD
Active Directory
5AD
5
6
6
7
7
8
8
6 40
8PC
6 41 AD
AD
9AD
9
AD
6 42 AD
1.
2.
6-4-1-7
QQQQ
AMQQ
AD
1
28-1
6 43
1.
IP IP
2.
6-4-1-8
AM
AM
AM
QQQQ
AMQQ
1
2
6 44
1.
A
B B
A
2.
3.
6 40
6-4-1-9 WEB
WEBAMAMWEB
1 6-2-1-5
2WEB
6 45 WEB
3WEB
46-4-3
6-4-1-1
6-4-1-10 LDAP
AMLDAP
LDAP
1LDAP
1
2LDAP
6 46 LDAP
LDAP
6AD
IP
IP LDAP IP
389
LDAP LDAP LDAP
administrator eng.qa2000 users
cn=administrator,cn=users,dc=eng,dc=qa2000 ADLDAP
administrator@eng.qa2000
BaseDN
BaseDN
BaseDN [ ou= 2
ou=1 dc=N dc=2 dc=1 ]LDAP
eng.qa2000 1 com \ eng.qa2000\ comcom
AM ou=
com,dc=eng,dc=qa2000 eng.qa2000
dc= eng,dc= qa2000
cnuid
=%s
AD LDAP sAMAccountName=%s
sun LDAP uid=%s
novell edirectory LDAP uid=%s
openldap LDAP cn=%s
s%
sAMAccountName
sAMAccountName=%s
LDAP
LDAP LDAP 2 3
LDAP
TLS
TLS LDAP TLS
3
3
4LDAPLDAP
4
6 47 LDAP
LDAP
AD LDAP
3LDAP
4WEB
6-4-1-1
6-4-1-11 RADIUS
AMRADIUS
1RADIUS
2RADIUS
6 48 RADIUS
IP
IPRADIUS IP
RADIUS 1812
RADIUS
RADIUS
UTF-8 GB2312
3RADIUS
46-4-3
1.
2.
6-4-1-1
6-4-1-12
AM
1
2
6 49
IP mail.sina.com
202.108.43.230
IP
3
46-4-3
6-4-1-1
6-4-2
AM
AM
AM
6 50
IP
6 51
IP IP
IP IP
IP HTTP
IP
IP
IP
IPIPIP
IPIP
IPIP
1.
IP IP
2. IP
IP
192.168.30.41
~192.168.30.60
AD
192.168.30.45
192.168.30.50
~192.168.30.254
LDAP
192.168.30.252
192.168.30.101
~192.168.30.120
-POP
192.168.30.6
1
2 LDAP AD
POP3
3
4 IP 192.168.30.41~192.168.30.60
AD
5 IP 192.168.30.50~192.168.30.254
LDAP
6 192.168.30.45192.168.30.252192.168.30.6
192.168.30.101~192.168.30.120 IP
7
192.168.30.41~192.168.30.49 AD
192.168.30.50~192.168.30.60 AD LDAP
192.168.30.60~192.168.30.255 LDAP
192.168.30.101~192.168.30.120 IP
6-4-3
AMWEB
AM
AM
6 52
LOGO
LOGO
Web AM
6 53
6 54 -
6 55 -
Web
6 56
Web
6 57
AMIP
6-4-4
AMAM
URL
1 URL
1
6 58
2
2
1
2 http://
3
7.
AM
AM
7 1
7-1
7-1-1
AMEXCEL
7 3
7 2
7 3
7 4
7 5
1.
8-4-2-2
2. IP IP
IP
3.
7-1-2
AM
7 6
4-4
7 7
4-4
AM
7-1-3
4-8
7-1-4
4-9
7-1-5
4-10
7-1-6
4-11
7-1-7
4-12
7-1-8
AM
7 8 -
4-4
4-4
7-1-9
AM
P2P
7-1-10
AM/
7 9
7 10
1.
A 900 10 00 MSN 13 00 16 00 MSN
A 9 00 16 00 MSN
2. AM 7-1-1
7-1-11 FTP
4-13 FTP
7-1-12 TELNET
4-14 TELNET
7-1-13 HTTPS
4-15 HTTPS
7-1-14
MSNFTP
HTTP
7 11
flashget
httpAM
7 12
exe
qqjpg
0~500 501~1000
1001~1500
1. 4-4
2.
7-2
Drill-down
AM
::
Web//
AM
///
Web /
///
SMTP/Webmail/POP3
//
Drill-down)
(Drill-down)
Drill-down)
7 13
7-2-1
7 14 -
4-4
7 15 -
7-2-2
Drill-down
7 16
-Drill-down
-Drill-down
-Drill-down
Drill-down
7 17
7 18
Drill-down
Excel
1
1
7 19
2 Excel
2
AMExcel
7 20 Excel
Excel
7 21
1. 8-4-2-2
2. ,
Drill-down AM
1
1
7-2-1
7 22 -
4-6
7 23 -
27-2-2
2
Drilldown
7-3
AM
AM
7-3-1
AM
AM
AM
1
1
7 24
4-4
TOP 100
TOP 100
AM TOP
1.
2. 20
100 TOP 100 50
50
5
5
7 25
PDF DOC
2
2
7 26
3
3
AM
8-4-2-2
7-3-2
7 27
7 28 -
PDF PDF
DOC DOC
7-3-3
AM
7 29
4-4
7-3-4
7-3-4-1
7 30
TOP 100
1. TOP 100
2. TOP
20 100
100
AM TOP
1.
2. 20
100 TOP
10
/
7 31
7 32
7 33
7 34
PDF DOC
PDF DOC
7-3-4-2
7-3-4-1
7-3-4-3
7-3 4-1
7-3-4-4
7-3 4-1
7-3-4-5
7-3 4-1
7-3-4-6
7-3 4-1
7-3-5
7-3-5-1
7 35
7-3 4-1
7-3-5-2
7-3
4-1
7-3-5-3
7-3 4-1
7-3-5-4
7-3- 41
7-3-5-5
7-3-4-1
7-3-6
AM
7 36
2
3
7-3- 41
8.
8 1
AM
AM
AM
AM
AM
8-1
8 2
AM
DHCP DHCP
HTTP HTTP
SOCKS SOCKS
URL URL
URL URL
8-2
AMAM
ns25000
8 3 -
2
2
8 4
// AM
ns25000
8 5
8 6
1. ns25000
2.
3. AM AM ,
AM
6.
4.
5.
6. IP 15
AM
7
8-3
AM AM
AM AM
8-3-1
AM
8 7 -
IP IP
255.255.255.0
eth2eth3
AM
AM
IP IP
8-3-2
8 8
8-3-3
8-3-3
AMIPhttps://192.168.1.23
8 9
AM
2. AM
8-3-3-1
1AM
IP AM IP 192.168.1.23
IP 255.255.255.0
AM / IP
192.168.1.254
AM
2DNSDNSDNS
3TrunkIP8-3-4
4
1 AM AM
192.168.1.23
https://192.168.1.23 AM
2 . AM HUB
3. 2-1
8-3-3-2
1 8 9
8 10
IP
1 eth0 eth1
2 eth2 eth3
2
1. HTTP
2. AM TRUNK
3.
4. IP
HTTP
AM AM
8-3-3-3
AMAM
AM
1 8 9
1
8 11
2
2
8 12 -
IP IP
ADSL ADSL
AM
0~256 0
3
3
4DNS
4
58-3-4
5
6
6
7
7
1 AM AM
AM IP
2 IP IP
3 AM AM
192.168.1.23
https://192.168.1.23 AM
4 . AM HUB
5. 2-3
8-3-3-4
1
1
IEIPAM
8 13
8 14 -
10.0.0.0/8 (10.0.0.1-10.255.255.255);
172.16.0.0/12 (172.16.0.0-172.31.255.255);
192.168.0.0/16 (192.168.0.0-192.168.255.255)
IP IP
AM
3/8-4-4
3
45-2
4
5
5
8 15 -
web IP IP IP
6
6
8 16
7
7
1
2.
IP
VLAN
3.
IP
https://192.168.1.23 IP
4.
5. 2-4
8-3-4
VLANAMIPTRUNK
8-3-4-1 IP
IPAMIPIPAM
8 9 IP
8 17 - IP
IP
IP IP 192.168.10.60 AM
IP 255.255.255.0
IP
8-3-4-2
AM
8 9
8 18 -
IP IP
VLAN
VLAN
IP
192.168.2.1 IP
IP
192.168.2.1
IP
192.168.1.52
192.168.1.10 IP
192.168.1.52 192.168.1.10
8-3-4-3 TRUNK
AMVLANTrunk
TrunkVLANTagVLAN
802.1Q VLAN Trunk ProtocolVLAN Trunk
()(Point-To-Point Link)Trunk
VLAN
VLAN
8 19 VLAN Trunk
TRUNKVLANIPVLAN IDAM
VLAN
8 9 Trunk
8 20 Trunk
VLAN
VLAN VLAN IP VLAN ID
IP VLAN IP
Trunk
Trunk Trunk
2TRUNK
2
1 . Trunk
2 VLAN IP AM IP
3 Trunk
VLAN IP AM
4 Trunk VLAN id
IP /IP
192.168.196.254AMIP
8-3-4-4 VPN
AMCNP
AMAMIP
AMAM
VPN
1AMAM
2IPVPN
3AMVPN
8 21 VPN
4VPNIP
5VPN
AMVPN IP
6VPNVPN IP
VPN
8-3-4-5
IP
1
8 22
2IPIP
8-4
8 23
8-4-1
8-4-1-1
AM
HTTP
WEB
DHCP
Bypass
STP
URL
SNMP
HTTP
HTTP
HTTP
AM
8 24 --HTTP
8 25 --HTTP
1.
2.
WEB
WEB
WEB
WEB
8 26 --WEB
web
web URL
web
web URL
AM
sohu
8 27 --
() IP
() AM IP
8 28 --
AM ()
AM
P2P
AM
80
8 29 --
1 NTLM
2. BASIC
3. Bypass
DHCP
DHCP
DHCP
IPAMDHCPIP
8 30 --DHCP
DHCPDHCP
8 31 --DHCP
DHCP DHCP IP
Bypass
Bypass
Bypass
BypassLanbypssBypassAM
Bypass
AM
8 32 -- Bypass
Bypass
Bypass Bypass
Bypass
Bypass Bypass
Bypass:OFF
Bypass:OFF AM Bypass
Bypass:ON
Bypass:ON AM Bypass
1.
2. Bypass
Bypass
3. bypass bypass
bypass
bypass
Bypass Bypass
8 33 Bypass
Bypass
Bypass
bypass
Bypass
Bypass
Bypass
Bypass
STP
STP
STP
STPSTP
8 34 STP
URL
URL
URL
URL
8 35 URL
1. URL 0.0.436
URL
URL
URL 0.0.436
2. URL
SNMP
SNMP
SNMP
SNMPSimple Network Management ProtocolSNMP
AMSNMP
AMIPSNMP
8 36 SNMP
8-4-1-2
AM
AMHTTPSOCKS
8 37 -
HTTP
HTTP
HTTP
HTTP AM HTTP
HTTP 90 15
1-65535 80
HTTP HTTP
HTTP(GET/POST) HTTP(CONNECT)HTTP CONNECT
TCP
HTTP FTPIRCRM
1~65535
128
4320 3
96MB- 1/8
1024KB~10240KB
8KB~1024KB
30 1
AM
AM HTTP AM
AM
AM IP
SOCKS
SOCKS
SOCKS
SOCKS AM SOCKS
SOCKS 1 1080
1024~65535
-- SOCKS SOCKS
-- SOCKS SOCKS
SOCKS
SOCKS SOCKS
SOCKS
AM
AM
AM
AM
8 38
HTTP HTTP
HTTP HTTP
/=
HTTP
DNS DNS
1.
8-4-1-3
AMURL
URL
1
8 39
2
2
3URL
3
9. 10.
4
4
8-4-1-4
AM
8 40
AM WEB
8-4-2
8-4-2-1
AM
8 41 -
AM
Internet
,
Internet Internet
4:02
Internet
Internet
1.
2.
8-4-2-2
AM
8 42 -
IP 25
smtp
2
2
AM
8-4-2-3
AMwebIP
1
8 43
IP
IP
IP IP IP IP
2IP
3
4
IPAM
1. AM IP IP
2. IP IP IP 10
3. IP
8-4-3
8-4-3-1
8 44
2request_license
3AM
8 45 -
1.
2.
8-4-3-2
AMAM
AM
8 46
8 47 -
8-4-3-3 URL
AMURLAM
AMURL9.
8-4-3-4
AMAM
AM9.
8-4-4
8-4-4-1
1/
8 48
8 49 -
8-4-4-2
1/
8 50
8 51 -
8-4-4-3
8 52
1 5
3 30 10
3650
8-4-4-4 FTP
FTP
FTPTELNETHTTPS
1FTP
8 53 FTP
FTP
FTP
FTP FTP
2. FTP , FTP
8-4-4-5 USB
USB
1USBAMUSB
2USB
2
8 54 USB -
3USB
3
8 55 USB --
USB USB
AM
3 .xls Excel
Accesslog
USBAccesslog
Accesslog
8 56 USB -
8 57 USB -
8-4-5
8-4-5-1
IP/MAC PING Traceroute TCPDUMP CURL
NSLOOKUP
1
8 58
2
2
IP/MAC ()IP
IP MAC MAC
MAC IP
PING ()IP
IP
Traceroute
Ping Ping
IP IP MAC
MAC IP
CURL URL
HTTP/HTTPS/FTP/FTPS/DICT/TELNET/LDAP/FILE GOPHER
Curl URL
NSLOOK DNS
TCPDUMP IP IP IP
TcpdumpIP
IP1 100000
Tcpdump
pcap
8 59 Tcpdump
8-4-5-2 /
AM/
8 60 -/
8-4-5-3
AMIP
IP
8 61
AMAMFTP10.10.1.2
PCFTPIPTCP
IP
IP
IP
IPIPAMIP
1AMIP202.64.58.130
IPIP
IPIP202.64.58.131IP
IP IP
2
8 62 -
8 63 -IP
FTP10.10.1.2AMIP202.64.58.131
FTP
4
5
FTP
PC FTP
10.10.1.130/255.255.255.0
AM
8 64 -TCP
FTP10.10.1.2
AM1998FTP21
PC FTP IP
2
3
FTP
1. 20
2.
8-4-6
8-4-6-1
AMAM
AM
8 65
HTTP HTTP
2 50 20
2
3
4
8-4-6-2
8-4-6-3 URL
URLURL
URL
8-4-6-4
8-5
AM
8 66
8-5-1
8 67
excel
8-5-2
8 68
1231
ok
1. 5
4
2. AM Host AM
8-5-3
5-9-2
8-5-4
5-9-3
8-5-5 Web
webweb
web Web
8 69 Web
WebIP
WebWebWeb
8 70 Web -
IPIPURL
8 71 Web -IP
1. Web AM
AM Web AM
2. Web Web
3. AM 7 Web
8-5-6 ARP
ARP
ARPIPARP
8 72 ARP
ARP IP
MAC
ARP IP/MAC AM MAC IP
IP MAC MAC
ARP MAC AM IP-MAC ARP
IP/MAC
IP
8 73 ARP
MACARPIP/MAC
ARPIP/MACARPIP/MAC
IP/MACARPIP
ARPMAC
IP-MACARP
8 74 ARP IP/MAC
1 AM ARP IP
MAC
ARP
2. AM 7 ARP
8-5-7
5-9-2
8-5-8
AM
IP
IP AM IP
8 75 - IP
AM TCP
8 76 -
AM
8 77 -
AM
8 78 -
30
8-5-9
AM
/
8 79 -
8 80 -
8 81
IP
IP100
1.
2.
3.
8-5-10 IP
AMIP/MACIP
IP
1IP/MAC6-2-1-8 IP/MAC
1
2
2
3IPMAC
3
IP/MACIPIP
IP
8 82 IP
1. - -
2. IP IP
IP IP IP
IP
8-6
1.
2. AM
AM
8 83
IP IP windows IP
AM AM
AM com
AM 9001
windows
windows
windows
9.
9-1
URLURLURL42
8Web
WebWeb
URLAM
URL
P2P
9-2 URL
1
1
1. AM URL
2. URL
28-4-3-2
2
3URLns25000AM
3
URL
9 1 URL
URL URL
URL URL
URL
" ",
9-3
AM URL
URL
AM
AM
URL
MIME
AD
AD
1AM
Web
https://192.168.1.23
ns25000 ns25000
IP
192.168.1.23/255.255.255.0
192.168.1.1
- DNS
192.168.1.1
--HTTP
--WEB
--
--
--
--DHCP
-- Bypass
Bypass Bypass:OFF
Internet
-URL
30
- Trunk
--
-
ROOT
IP
-
-Bypass
Bypass
-
-
- QQ MSN
YAHOO FTP HTTPS
TELNET
-
--
--
--
- 24
60
TOP 5
TOP 10
TOP 10
-
-
Drilldown
TOP10
FTP
DNS
HTTPS
HTTPS
IRC
IRC
ICMP
ICMP
TFTP
TFTP
DHCP
NTP
NTP
RTSP
RTSP
MMS
( HTTP )
FINGER
GOPHER
Gopher
WHOIS
a query/response protocol
MIP
Mobile IP
H.323
SIP
V2 Conference
Q.931
Q.931
H.245
H.245
RTP
RTP
RTCP
RTCP
T.120
T.120
SDP
SDP
G.723.1
SIP
H.263
SIP
RTCP
SIP
SIP ()
V2 Conference
V2 Conference
V2 conference
MGCP
T.120
SMTP
DNS
FTPS
VoIP
POP3
IMAP4
SMTP
SMTP
SMTPs
SMTPs
Message Submission
Message Submission
POP3
POP3
POP3s
POP3s
IMAP4
IMAP4
IMAP4s
LotusNotes
LotusNotes
MS-Exchange
MAPI
GIOP
FileMaker
PostgreSQL
MSSQL
TNS
OEM
iSQLPlus
iSQLPlus Data
Citrix-IMA
Citrix-ICA
UDP
TCP
ICA TCP
ORACLE
Citrix
Session
MAPI
DCOM
NNTP
Telnet
Telnet
ssh
ssh
PCAnywhere
PCAnywhere
CVS
Games
IMAP4s
VNC
RTelnet
UT Game
UT Game
online
online
HTTP
HTTP
VS
VS
QQ
Online
Online
3D
()
IM
MSN
Yahoo
Online
QQ QQ QQ
2008
QQ2008
2009
QQ2009
2008
QQ2008
2009
QQ2009
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP
UC
Skype
ICQ/AIM
Google Talk
HTTP
HTTP
Lava-Lava
Lava-Lava
Hi
Hi
BitTorrent
eDonkey/eMule
P2P
DHT
DHT
Tracker
Tracker
BitComet
BitComet
BitTorrent
DHEv1
DHEv1
DHEv2
DHEv2
MSE
MSE
KAD
KAD
VeryCD
VeryCD
Gnutella
Gnutella
KaZaA(FastTrack)
KaZaA(FastTrack)
POCO
Kugoo
Vagaa
POCO2006
POCO2006
POCO2007
POCO2007
Kugoo
HTTP
HTTP
UDP
UDP
P2P
P2P
HTTP
HTTP
Web
V2
V2
V3
V3
WinMX
WinMX
Winny
Winny
Share
Share
Maze
Maze
PP
FrostWire
Shareaza
FlashGet
360
V2006
V2006
V2008
V2008
LimeWire
LimeWire
P2P
P2P
TCP
TCP
UDP
UDP
TCP
TCP
UDP
UDP
HTTP
HTTP
P2P
Pando
Pando
SoulSeek
SoulSeek
RaySource
RaySource
()
()
Web
HTTP
HTTP
()
()
()
()
HTTP
HTTP
()
()
()
()
()
()
2006()
2006 /
()
()
()
()
()
()
OEM
()(
)
()
e ()
()OEM
PPStream
PPStream
PPLive
PPLive
QQLive
UUsee
UUsee
Mysee
Mysee
BBsee
BBsee
Sopcast
Sopcast
TVKoo
TVKoo
PPMate
PPMate
TVAnts
TVAnts
51TV
51TV
5TTK
5TTK
MOP
MOP
TTlive
TTlive
TVUPlayer
TVUPlayer
TV
TV
QVod
QVod
PPGOU
PPGOU
TV
TV
YouTube
YouTube
5670
5670
NBA
NBA
pp
cctvlive
cctvlive in cctvbox
WebPlayer9
WebPlayer9
iV
Windows
RPC
NETBIOS
NETBIOS
NETBIOS
NETBIOS
NETBIOS
NETBIOS
Microsoft-DS
Microsoft-DS
HTTP RPC
HTTP RPC
MS SQL
MS SQL
NFS
NFS
RSYNC
RSYNC
RCP
HTTP POST
HTTP POST
HTTP PROXY
HTTP PROXY
HTTP
HTTP
HTTP
MJBOX
HTTP
Fresh Download
Speed Bit
Speed Bit
Windows
Windows ( HTTP )
HTTP
HTTP
iTunes
iTunes(Apple )
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP
HTTP
Fresh Download
HTTP
socks4/5
TCP socks
TCP socks
UDP socks
UDP socks
Waysonline/SocksOnline
GRE
ESP
AH
RADIUS
Authentication
RADIUS Authentication
Accounting
RADIUS Accounting
IKE
CMP
Kerberos
L2TP
PPTP
ARP
RARP
IPv6
MPLS
PPPoE
MPLS_MC
PPP_DISC
PPP_SES
IGMP
EGP
RSVP
TimeServer
TimeServer
BGP
RIP
SNMP
MPLS_UC
Agent
SNMP Agent
Manager
SNMP Manager
OSPF
DAYTIME
IP
TCP/UDP/ICMP IP
IP
IP
IP
IP
P2P
p2p
3URL
BBS
Web
4
regular expression
(0-9a-zA-Z)
n
n\n\\\\((
RegExp Multiline
^ \n\r
RegExp Multiline
$ \n\r
zo* zozoo*
{0,}
zo+zozoo
z+ {1,}
do(es)?dodoes
do? {0,1}
n n o{2}Bobo
{n}
foodo
n n o{2,}Bobo
{n,}
{n,m}
*+?{n}{n,}{n,m}
oooo
o+?oo+o
\n\n
[\s\S]
pattern $0...$9
(pattern)
( )\(\)
pattern
(?: pattern)
(|)
industry|industriesindustr(?: y| ies)
pattern
(?=pattern)
pattern
(?!pattern)
x y z| foodzfood(z| f)oodzood
x| y
food
[xyz]
[abc]plaina
[^xyz]
[^abc]plainp
[a-z]
[a-z]az
[^a-z]
[^a-z]
az
er\bneverer
\b
verber
\B
er\Bverberneverer
\cx
x \cM Control-M x
A-Z a-z c c
\d
[0-9]
\D
[^0-9]
\f
\x0c \cL
\n
\x0a \cJ
\r
\x0d \cM
\s
[ \f\n\r\t\v]
\S
[^ \f\n\r\t\v]
\t
\x09 \cI
\v
\x0b \cK
\w
[A-Za-z0-9_]
\W
[^A-Za-z0-9_]
\xn
n n
\x41A\x041\x04&1
ASCII
num num
\num
(.)\1
\n n
\n
n n (0-7) n
\nm nm
\nm
nm \nm n n
m n m (0-7)
\nm nm
n (0-3)m l (0-7)
\nml
nml
n n Unicode \u00A9
\un
()
5MIME
MIME
.hta
application/hta
.isp
application/x-internet-signup
.crd
application/x-mscardfile
.pmc
application/x-perfmon
.spc
application/x-pkcs7-certificates
.sv4crc
application/x-sv4crc
.bin
application/octet-stream
.clp
application/x-msclip
.mny
application/x-msmoney
.p7r
application/x-pkcs7-certreqresp
.evy
application/envoy
.p7s
application/pkcs7-signature
.eps
application/Postscript
.setreg
application/set-registration-initiation
.xlm
application/vnd.ms-excel
.cpio
application/x-cpio
.dvi
application/x-dvi
.p7b
application/x-pkcs7-certificates
.doc
application/msword
.dot
application/msword
.p7c
application/pkcs7-mime
.ps
application/Postscript
.wps
application/vnd.ms-works
.csh
application/x-csh
.iii
application/x-iphone
.pmw
application/x-perfmon
.man
application/x-troff-man
.hdf
application/x-hdf
.mvb
application/x-msmediaview
.texi
application/x-texinfo
.setpay
application/set-payment-initiation
.stl
application/vndms-pkistl
.mdb
application/x-msaccess
.oda
application/oda
.hlp
application/winhlp
.nc
application/x-netcdf
.sh
application/x-sh
.shar
application/x-shar
.tcl
application/x-tcl
.ms
application/x-troff-ms
.ods
application/oleobject
.axs
application/olescript
.xla
application/vnd.ms-excel
.mpp
application/vnd.ms-project
.dir
application/x-director
.sit
application/x-stuffit
.*
application/octet-stream
.crl
application/pkix-crl
.ai
application/Postscript
.xls
application/vnd.ms-excel
.wks
application/vnd.ms-works
.ins
application/x-internet-signup
.pub
application/x-mspublisher
.wri
application/x-mswrite
.spl
application/futuresplash
.hqx
application/mac-binhex40
.p10
application/pkcs10
.xlc
application/vnd.ms-excel
.xlt
application/vnd.ms-excel
.dxr
application/x-director
.js
application/x-javascript
.m13
application/x-msmediaview
.trm
application/x-msterminal
.pml
application/x-perfmon
.me
application/x-troff-me
.wcm
application/vnd.ms-works
.latex
application/x-latex
.m14
application/x-msmediaview
.wmf
application/x-msmetafile
.cer
application/x-x509-ca-cert
.zip
application/x-zip-compressed
.p12
application/x-pkcs12
.pfx
application/x-pkcs12
.der
application/x-x509-ca-cert
application/pdf
.xlw
application/vnd.ms-excel
.texinfo
application/x-texinfo
.p7m
application/pkcs7-mime
.pps
application/vnd.ms-powerpoint
.dcr
application/x-director
.gtar
application/x-gtar
.sct
text/scriptlet
.fif
application/fractals
.exe
application/octet-stream
.ppt
application/vnd.ms-powerpoint
.sst
application/vndms-pkicertstore
.pko
application/vndms-pkipko
.scd
application/x-msschedule
.tar
application/x-tar
.roff
application/x-troff
.t
application/x-troff
.prf
application/pics-rules
.rtf
application/rtf
.pot
application/vnd.ms-powerpoint
.wdb
application/vnd.ms-works
.bcpio
application/x-bcpio
.dll
application/x-msdownload
.pma
application/x-perfmon
.pmr
application/x-perfmon
.tr
application/x-troff
.src
application/x-wais-source
.acx
application/internet-property-stream
.cat
application/vndms-pkiseccat
.cdf
application/x-cdf
.tgz
application/x-compressed
.sv4cpio
application/x-sv4cpio
.tex
application/x-tex
.ustar
application/x-ustar
.crt
application/x-x509-ca-cert
.ra
audio/x-pn-realaudio
.mid
audio/mid
.au
audio/basic
.snd
audio/basic
.wav
audio/wav
.aifc
audio/aiff
.m3u
audio/x-mpegurl
.ram
audio/x-pn-realaudio
.aiff
audio/aiff
.rmi
audio/mid
.aif
audio/x-aiff
.mp3
audio/mpeg
.gz
application/x-gzip
.z
application/x-compress
.tsv
text/tab-separated-values
.xml
text/xml
.323
text/h323
.htt
text/webviewhtml
.stm
text/html
.html
text/html
.xsl
text/xml
.htm
text/html
.cod
image/cis-cod
.ief
image/ief
.pbm
image/x-portable-bitmap
.tiff
image/tiff
.ppm
image/x-portable-pixmap
.rgb
image/x-rgb
.dib
image/bmp
.jpeg
image/jpeg
.cmx
image/x-cmx
.pnm
image/x-portable-anymap
.jpe
image/jpeg
.jfif
image/pjpeg
.tif
image/tiff
.jpg
image/jpeg
.xbm
image/x-xbitmap
.ras
image/x-cmu-raster
.gif
image/gif
6AD
LDAP
1AD windows
1
6- 1
CAActive Directory
CA
2CA
CA
6- 2 CA
CA test
AD AD qa.com
DC=qa,DC=com
3
4mmc
6- 3
5/
6- 4
6- 5
6
test
6- 6
LDAP
DER
2
AD
7AD
ADAD
AM
AuthClient_Installer.msi
AD WINDOWS2003 ::
1 Active Directory
1
7- 1
2
2
7- 2
3
3
TAA_Installer.msiAD
7- 3
4
4
7- 4
AD
5
5
6
6
gpupdateAMAD
AMAD
Windows2000
Windows2000Active
Directory--Active Directory windows2003
1.
AD
DC
2.
AD
1
3. AD
a 2K 2003
b 2K XP 2003
4. NTLM
5. AD
6. NAT
WEB Web
7. IP IP
10
8. AM
8
::
1AMIE
1
8-1
2
2
8-2
3
3
8-2 2
5
5
1.
Authenticate Client
2. :
Authenticate Client
3. :
::
9.
AM
AM:AMInternet Control Gateway AM
LDAP
LDAPLightweight Directory Access Protocol
/
NTLM
NTLM
Console
Console
Post
PostHTTP
IM
IMInstant Messenger
Streaming Media
Media
P2P
P2P Peer-to-PeerP2P
Session
Session
Online Games
Games
P2Pstreaming
P2Pstreaming