With the rise in popularity of the new Pokemon GO app, has anyone had the opportunity to build a signature or possibly even gather a pcap of the traffic that could be shared (the site is not allowing signups right now so I am unable to produce my own test traffic to collect).
I have received complaints from as high as our CIO, that too many people are walking around playing this game and we need to report on it and block is ASAP.
Any help is appreciated,
Thanks for all the feedback. I can confirm that I also see the app attempting to use the following URLs:
- Using a *.nianticlabs.com certificate
- Using a *.ingest.critterciscm.com certificate
The latter URL appears to be a third party app analytics company. I've yet to receive an executive order to authorize blocking, but I believe tboire is likely correct that blocking the Niantic URL will prevent connections. Should I get approval to block, that is my next course of action.
I know I am late in this thread, but I wanted to share this two options with you all.
Option 1: URL filtering
Simply blacklist the following url: pgorelease.nianticlabs.com (this is used to make API calls by the APP)
Option 2: Create a custom application which looks for the SNI string
set application pokemon-go default port tcp/443
set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match pattern pgorelease.nianticlabs.com
set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match context ssl-req-client-hello
set application pokemon-go signature PG-SSL scope protocol-data-unit
set application pokemon-go signature PG-SSL order-free no
set application pokemon-go signature PG-SSL comment “Pattern match against the SNI for Pokemon Go"
set application pokemon-go category media
set application pokemon-go subcategory gaming
set application pokemon-go technology client-server
set application pokemon-go description "Pokemon Go is a social game released in 2016 by Niantic Labs."
set application pokemon-go risk 1
set application pokemon-go parent-app ssl
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!