https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/97217#M111 <P>Hello,</P><P>&nbsp;</P><P>&nbsp;</P><P>From my research you can block the domain&nbsp;<STRONG>pgorelease.nianticlabs.com </STRONG>and the clients will not be able to reach out to the server to play the game. This does not however stop the employee from using their mobile data plan to continue playing the game.&nbsp;</P><P>&nbsp;</P><P><STRONG>Regards,</STRONG></P><P><STRONG>Tyler</STRONG></P> Wed, 13 Jul 2016 12:39:47 GMT tboire 2016-07-13T12:39:47Z https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/96642#M109 <P>With the rise in popularity of the new Pokemon GO app, has anyone had the opportunity to build a signature or possibly even gather a pcap of the traffic that could be shared (the site is not allowing signups right now so I am unable to produce my own test traffic to collect).</P><P>&nbsp;</P><P>I have received complaints from as high as our CIO, that too many people are walking around playing this game and we need to report on it and block is ASAP.</P><P>&nbsp;</P><P>Any help is appreciated,</P><P>-adam</P> Tue, 12 Jul 2016 04:04:26 GMT https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/96642#M109 aelmore 2016-07-12T04:04:26Z https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/97083#M110 <P>Hi,</P><P>&nbsp;</P><P>I haven't seen the game's traffic since it hasn't been released yet in Canada, but the developer's previous game called Ingress relies heavily on Google API. You might have a hard time identifying the application without decrypting the traffic.</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P><P>Benjamin</P> Wed, 13 Jul 2016 03:50:10 GMT https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/97083#M110 BenjAudy.MTL 2016-07-13T03:50:10Z https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/97217#M111 <P>Hello,</P><P>&nbsp;</P><P>&nbsp;</P><P>From my research you can block the domain&nbsp;<STRONG>pgorelease.nianticlabs.com </STRONG>and the clients will not be able to reach out to the server to play the game. This does not however stop the employee from using their mobile data plan to continue playing the game.&nbsp;</P><P>&nbsp;</P><P><STRONG>Regards,</STRONG></P><P><STRONG>Tyler</STRONG></P> Wed, 13 Jul 2016 12:39:47 GMT https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/97217#M111 tboire 2016-07-13T12:39:47Z https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/97251#M112 <P>Thanks for all the feedback. I can confirm that I also see the app attempting to use the following URLs:</P><P>&nbsp;</P><P>pgorelease.nianticlabs.com<BR />&nbsp; &nbsp;- &nbsp; Using a *.nianticlabs.com certificate<BR />appload.ingest.crittercism.com<BR />&nbsp; &nbsp;- &nbsp; Using a *.ingest.critterciscm.com certificate</P><P>&nbsp;</P><P>The latter URL appears to be a third party app analytics company. I've yet to receive an executive order to authorize blocking, but I believe tboire is likely correct that blocking the Niantic URL will prevent connections. Should I get approval to block, that is my next course of action.</P><P>&nbsp;</P><P>Thanks everyone.</P> Wed, 13 Jul 2016 13:31:02 GMT https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/97251#M112 aelmore 2016-07-13T13:31:02Z https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/161872#M179 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/33861">@aelmore</a>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/44300">@tboire</a>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/31211">@BenjAudy.MTL</a></P><P>I know I am late in this thread, but I wanted to share this two options with you all.</P><P>&nbsp;</P><P><FONT size="2"><SPAN>Option 1: URL filtering</SPAN></FONT></P><P><SPAN>Simply blacklist the following url: &nbsp;</SPAN><SPAN>pgorelease.nianticlabs.com</SPAN><SPAN>&nbsp;&nbsp;(this is used to make API calls by the APP)</SPAN></P><P>&nbsp;</P><P><FONT size="2"><SPAN>Option 2: Create a custom application which looks for the SNI string</SPAN></FONT></P><P>set application pokemon-go default port tcp/443</P><P>set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match pattern pgorelease.nianticlabs.com</P><P>set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match context ssl-req-client-hello</P><P>set application pokemon-go signature PG-SSL scope protocol-data-unit</P><P>set application pokemon-go signature PG-SSL order-free no</P><P>set application pokemon-go signature PG-SSL comment “Pattern match against the SNI for Pokemon Go"</P><P>set application pokemon-go category media</P><P>set application pokemon-go subcategory gaming</P><P>set application pokemon-go technology client-server</P><P>set application pokemon-go description "Pokemon Go is a social game released in 2016 by Niantic Labs."</P><P>set application pokemon-go risk 1</P><P>set application pokemon-go parent-app ssl</P> Mon, 19 Jun 2017 04:44:58 GMT https://live.paloaltonetworks.com/t5/custom-signatures/pokemon-go/m-p/161872#M179 acc6d0b3610eec313831f7900fdbd235 2017-06-19T04:44:58Z