Pokemon GO

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Pokemon GO

L0 Member

With the rise in popularity of the new Pokemon GO app, has anyone had the opportunity to build a signature or possibly even gather a pcap of the traffic that could be shared (the site is not allowing signups right now so I am unable to produce my own test traffic to collect).

 

I have received complaints from as high as our CIO, that too many people are walking around playing this game and we need to report on it and block is ASAP.

 

Any help is appreciated,

-adam

1 accepted solution

Accepted Solutions

L3 Networker

Hello,

 

 

From my research you can block the domain pgorelease.nianticlabs.com and the clients will not be able to reach out to the server to play the game. This does not however stop the employee from using their mobile data plan to continue playing the game. 

 

Regards,

Tyler

View solution in original post

4 REPLIES 4

L4 Transporter

Hi,

 

I haven't seen the game's traffic since it hasn't been released yet in Canada, but the developer's previous game called Ingress relies heavily on Google API. You might have a hard time identifying the application without decrypting the traffic.

 

Regards,

 

Benjamin

L3 Networker

Hello,

 

 

From my research you can block the domain pgorelease.nianticlabs.com and the clients will not be able to reach out to the server to play the game. This does not however stop the employee from using their mobile data plan to continue playing the game. 

 

Regards,

Tyler

Thanks for all the feedback. I can confirm that I also see the app attempting to use the following URLs:

 

pgorelease.nianticlabs.com
   -   Using a *.nianticlabs.com certificate
appload.ingest.crittercism.com
   -   Using a *.ingest.critterciscm.com certificate

 

The latter URL appears to be a third party app analytics company. I've yet to receive an executive order to authorize blocking, but I believe tboire is likely correct that blocking the Niantic URL will prevent connections. Should I get approval to block, that is my next course of action.

 

Thanks everyone.

Hi @aelmore @tboire @BenjAudy.MTL

I know I am late in this thread, but I wanted to share this two options with you all.

 

Option 1: URL filtering

Simply blacklist the following url:  pgorelease.nianticlabs.com  (this is used to make API calls by the APP)

 

Option 2: Create a custom application which looks for the SNI string

set application pokemon-go default port tcp/443

set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match pattern pgorelease.nianticlabs.com

set application pokemon-go signature PG-SSL and-condition "And Condition 1" or-condition "Or Condition 1" operator pattern-match context ssl-req-client-hello

set application pokemon-go signature PG-SSL scope protocol-data-unit

set application pokemon-go signature PG-SSL order-free no

set application pokemon-go signature PG-SSL comment “Pattern match against the SNI for Pokemon Go"

set application pokemon-go category media

set application pokemon-go subcategory gaming

set application pokemon-go technology client-server

set application pokemon-go description "Pokemon Go is a social game released in 2016 by Niantic Labs."

set application pokemon-go risk 1

set application pokemon-go parent-app ssl

  • 1 accepted solution
  • 6058 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!