From: James Wilson (netsurf@sersol.com)
Date: Sat Jan 26 2008 - 03:39:11 ARST
At my previous employer I was able to block the handshaking at the proxy
server (squid) by capturing a session and creating a rule to block those
http/https requests. I don't have access to that server anymore but it
should be fairly easily done if you use a proxy server that lets you write
regex ACLs of requests. You might be able to do something similar with
modular QoS tagging the packet to drop. Denying the handshake means you
won't have to worry about IP addresses changing on you. This method also
works with other chat clients that like to use wide ranges of address space
and port 80.
--
James D. Wilson Sr. Network/Security Engineer
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of EDL
Sent: Thursday, January 24, 2008 10:40 AM
To: Vinu; Cisco certification
Subject: Re: How do i block google talk on a Firewall ?
Results from a quick search on google.com
+++++++++++++++++++++++++++++++++
Blocking Google Talk in your Organization

Recently I had an issue of Blocking Google Talk service for the organization I work.
In Google Talk Developer Info: it was told that the Google Talk service runs at url: talk.google.com at port 5222. Tracert revealed that talk.google.com points to talk.l.google.com @ 209.85.137.125.
But: Blocking 209.85.137.125 at port 5222 does not block Google Talk service.
Then I used WildPackets.com's OmniPeek Personal Edition to probe out a packet level analysis.
Google Talk uses Port 80, Port 443 and Port 5223 other than Port 5222 for its communication purposes. Worst of all: Google Talk connects to 216.239.37.125, 72.14.253.125 and 72.14.217.189 other than 209.85.137.125. It connects to Ports 5222, 5223, 443 and 80 in all the cases.
Blocking all these 4 addresses blocks Google Talk at both Browser and Talk Client. Note: This does not disable Google mail.
Bottom line: Block access to 216.239.37.125, 72.14.253.125, 72.14.217.189 and 209.85.137.125 on ports 80, 443, 5222 and 5223.
Note1: This is one of the measures to Block Google Talk. Meebo has an option wherein one can logon to any IM network, including Google, MSN and Yahoo!. So does Kool IM, eBuddy and ILoveIM. So you got to block these sites too if you want to curb IM misuse.
Note2: Geeks will get on a workaround like using an SSH tunnel using PuTTY, public proxies, Tor, etc., in order to circumvent this, so you got to use third-party traffic shapers like Akonix IM Control, Websense, etc., that sniff out Jabber traffic and prevent usage of proxies.
Note3: If you want to Block File Transfers alone in Google Talk: Block Ports 20 and 21.
Note4: This blocks Google Talk Gadget too !!!
+++++++++++++++++++++++++++++++++
----- Original Message -----
From: "Vinu" <vinupeter@gmail.com>
To: "Cisco certification" <ccielab@groupstudy.com>
Sent: Wednesday, January 23, 2008 10:21 AM
Subject: How do i block google talk on a Firewall ?
> Is there any specific port that google talk uses ? need urgent help.
>
> --
> Regards,
>
> Vinu Peter
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:38:01 ARST
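An added example, not part of any message in this thread: it compares the static IP and port list from the pasted search result with a hostname rule of the kind a proxy regex ACL would apply, over constructed proxy records. The hostname pattern, the sample records and the 203.0.113.x addresses are assumptions made for illustration; a real rule would be written from a captured session.

```python
import re
from urllib.parse import urlsplit

# Addresses and ports quoted in the thread's pasted search result.
BLOCKED_IPS = {"216.239.37.125", "72.14.253.125", "72.14.217.189", "209.85.137.125"}
BLOCKED_PORTS = {80, 443, 5222, 5223}

# Assumption: the handshake is recognised by hostname alone, using the two
# names the thread mentions. A real rule comes from a captured session.
HANDSHAKE_HOST = re.compile(r"talk\.(l\.)?google\.com", re.IGNORECASE)

def request_host(method, target):
    """Host as the proxy sees it: the authority for CONNECT, the URL host otherwise."""
    if method.upper() == "CONNECT":
        return urlsplit("//" + target).hostname or ""
    return urlsplit(target).hostname or ""

def ip_rule_blocks(dst_ip, dst_port):
    """Static firewall-style rule: listed address and listed port."""
    return dst_ip in BLOCKED_IPS and dst_port in BLOCKED_PORTS

def host_rule_blocks(method, target):
    """Proxy-style rule: full match on the requested hostname, whatever it resolves to."""
    return bool(HANDSHAKE_HOST.fullmatch(request_host(method, target)))

# Constructed proxy records: (method, request target, resolved IP, port).
# 203.0.113.x are documentation addresses standing in for changed or unrelated IPs.
SAMPLE = [
    ("CONNECT", "talk.google.com:443", "209.85.137.125", 443),
    ("CONNECT", "talk.google.com:443", "203.0.113.10", 443),
    ("GET", "http://TALK.L.GOOGLE.COM/", "203.0.113.10", 80),
    ("CONNECT", "mail.google.com:443", "203.0.113.20", 443),
    ("GET", "http://talk.google.com.example.net/", "203.0.113.30", 80),
]

def evaluate(records):
    """Return (target, ip_rule_verdict, host_rule_verdict) for each record."""
    return [(t, ip_rule_blocks(ip, port), host_rule_blocks(m, t))
            for m, t, ip, port in records]

if __name__ == "__main__":
    for target, by_ip, by_host in evaluate(SAMPLE):
        print(f"{target:40} ip_rule={by_ip!s:5} host_rule={by_host}")
```

The second and third records are the case the first message describes: the address has changed, so the IP list no longer matches, while the hostname rule still does and leaves mail.google.com and the look-alike domain alone.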