styxyang / dnsmasq-chinadns

A patched version of dnsmasq which filters out some spurious IP
GNU General Public License v2.0

It seems the poisoned IPs have been updated recently? #12

Open qiuzi opened 9 years ago

qiuzi commented 9 years ago

The most obvious case is the resolution results for googlevideo.com. How can they be collected?

styxyang commented 9 years ago

@qiuzi I tried a googlevideo query here, and the results still seem to be in the list. Do you mean there are new poisoned IPs?

styxyang commented 9 years ago

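@qiuzi Correction: I have also found new poisoned IPs. For now it seems they can only be added manually, or collected and then shared in one place. Because dnsmasq is not responsible for connecting to these IPs, it cannot detect poisoned IPs.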

qiuzi commented 9 years ago

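I searched around afterwards: the poisoning is random, and those IPs keep changing and growing in number.

On December 25, 2014 at 11:51 PM, Yang Hong notifications@github.com wrote:

@qiuzi https://github.com/qiuzi Correction: I have also found new poisoned IPs. For now it seems they can only be added manually, or collected and then shared in one place. Because dnsmasq is not responsible for connecting to these IPs, it cannot detect poisoned IPs.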


zhf commented 9 years ago

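The new fake IPs still appear to come from a list rather than being generated randomly in real time, because that would be computationally expensive. Here is an additional list of fake IPs that I found by testing with my own script; the actual GFW list probably contains over a thousand IPs.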

aa65535 commented 9 years ago

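@zhf Indeed, they are not generated in real time for each request; instead, a batch is generated at intervals (from log analysis, roughly every hour, about 750 per batch, with a repetition rate per batch of less than 20%. Of course, this is only the current situation; I think it will get worse). That is enough to make the iplist strategy ineffective.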
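The measurement discussed in the last comment (hourly batches with low overlap, which makes a static iplist go stale), as an added example that is not part of the original thread or of the dnsmasq-chinadns project. The log format, the name `probe.example` and all addresses are constructed assumptions; the function names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: "ISO-timestamp queried-name answer-IP", one line per
# spurious answer observed. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2014-12-25T10:02:11 probe.example 192.0.2.1
2014-12-25T10:15:40 probe.example 192.0.2.2
2014-12-25T10:31:05 probe.example 192.0.2.3
2014-12-25T10:48:59 probe.example 192.0.2.4
2014-12-25T10:55:13 probe.example 192.0.2.5
2014-12-25T11:03:27 probe.example 192.0.2.5
2014-12-25T11:12:08 probe.example 198.51.100.1
2014-12-25T11:26:44 probe.example 198.51.100.2
2014-12-25T11:39:30 probe.example 198.51.100.3
2014-12-25T11:57:02 probe.example 198.51.100.4
2014-12-25T12:04:18 probe.example 198.51.100.4
2014-12-25T12:19:51 probe.example 203.0.113.1
2014-12-25T12:33:07 probe.example 203.0.113.2
2014-12-25T12:41:29 probe.example 203.0.113.3
2014-12-25T12:58:45 probe.example 203.0.113.4
"""

def hourly_batches(log_text):
    """Group the distinct answer IPs by the hour in which they were seen."""
    batches = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, _name, ip = parts
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        batches[hour].add(ip)
    return dict(sorted(batches.items()))

def overlap(current, reference):
    """Fraction of the IPs in `current` that also appear in `reference`."""
    return len(current & reference) / len(current) if current else 0.0

def report(log_text):
    """Per hour: (label, batch size, overlap with previous hour,
    hit rate of an iplist frozen at the first hour)."""
    batches = hourly_batches(log_text)
    frozen = next(iter(batches.values()), set())  # static iplist snapshot
    rows, prev = [], None
    for hour, cur in batches.items():
        vs_prev = overlap(cur, prev) if prev is not None else None
        rows.append((hour.strftime("%H:00"), len(cur), vs_prev, overlap(cur, frozen)))
        prev = cur
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

The last column is the share of spurious answers a list captured in the first hour would still filter; with low overlap between batches it falls toward zero within a couple of rotations.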