Pokemon GO

Reply
L0 Member

Pokemon GO

With the rise in popularity of the new Pokemon GO app, has anyone had the opportunity to build a signature or possibly even gather a pcap of the traffic that could be shared (the site is not allowing signups right now so I am unable to produce my own test traffic to collect).

 

I have received complaints from as high as our CIO, that too many people are walking around playing this game and we need to report on it and block is ASAP.

 

Any help is appreciated,

-adam

L4 Transporter

Re: Pokemon GO

Hi,

 

I haven't seen the game's traffic since it hasn't been released yet in Canada, but the developer's previous game called Ingress relies heavily on Google API. You might have a hard time identifying the application without decrypting the traffic.

 

Regards,

 

Benjamin

L3 Networker

Re: Pokemon GO

Hello,

 

 

From my research you can block the domain pgorelease.nianticlabs.com and the clients will not be able to reach out to the server to play the game. This does not however stop the employee from using their mobile data plan to continue playing the game. 

 

Regards,

Tyler

L0 Member

Re: Pokemon GO

Thanks for all the feedback. I can confirm that I also see the app attempting to use the following URLs:

 

pgorelease.nianticlabs.com
   -   Using a *.nianticlabs.com certificate
appload.ingest.crittercism.com
   -   Using a *.ingest.critterciscm.com certificate

 

The latter URL appears to be a third party app analytics company. I've yet to receive an executive order to authorize blocking, but I believe tboire is likely correct that blocking the Niantic URL will prevent connections. Should I get approval to block, that is my next course of action.

 

Thanks everyone.

L4 Transporter

Re: Pokemon GO

Hi @aelmore @tboire @BenjAudy.MTL

I know I am late in this thread, but I wanted to share this two options with you all.

 

Option 1: URL filtering

Simply blacklist the following url:  pgorelease.nianticlabs.com  (this is used to make API calls by the APP)

 

Option 2: Create a custom application which looks for the SNI string

set application pokemon-go default port tcp/443

set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match pattern pgorelease.nianticlabs.com

set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match context ssl-req-client-hello

set application pokemon-go signature PG-SSL scope protocol-data-unit

set application pokemon-go signature PG-SSL order-free no

set application pokemon-go signature PG-SSL comment “Pattern match against the SNI for Pokemon Go"

set application pokemon-go category media

set application pokemon-go subcategory gaming

set application pokemon-go technology client-server

set application pokemon-go description "Pokemon Go is a social game released in 2016 by Niantic Labs."

set application pokemon-go risk 1

set application pokemon-go parent-app ssl

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!