11-22-2016 06:41 AM
Has anyone had success blocking Snapchat? We have a rule for blocking "bad" apps and Snapchat is presently in this list. In testing I can see that a reset-both occurs when the firewall detects the traffic and the application is recognized as Snapchat. The issue is that pictures are still able to be sent within the app... which means it isn't fully being blocked. The block does however not allow the texting portion within Snapchat (user to user). I have an open support case but thought I would post here too.
11-28-2016 07:27 AM
That's why I recommended the URL Filtering, more than likely I can't imagine that you are going to be given the go ahead to decrypt student traffic.
11-22-2016 07:26 AM
Where is snapchat pulling the pictures from? My guess is that part is not being identified correctly and they pull it from servers that are not identified as Snapchat but instead identified under something else. I would setup a rule that monitors the traffic and then see if you can't get the domain or IP address of the pictures source and block that as well.
11-22-2016 07:36 AM
I am seeing a variety of IP addresses in the list when monitoring. Some of the traffic is identified as google-base though... which is going to make this hard to block... considering we use Google Apps at school.
11-22-2016 07:59 AM
Hi rmiller1,
I would try testing by creating a new security policy just for my phones IP address, add in a URL filtering profile with all the actions set to 'alert'. Then use the app and see what domains/IPs the phone connects to, if you see a range of specific domain then you can create a policy to block this.
hope this helps,
Ben
11-22-2016 10:12 AM
That was what I was thinking of when I commented. When you are trying to find out addresses or URLs the best way to test them is to turn all traffic off but what you are testing. Of course you can't stop all unintended traffic but you can limit it, and by only using SnapChat while testing you should be able to filter out anything else your phone connects to.
11-22-2016 12:00 PM
app.snapchat.com
snapchat-proxy.appspot.com
www.feelinsonice.com
sc-analytics.appspot.com
Found these via content filtering. Going to track down one of the kids, but the blocking of these significanly reduces the functionality of the app.
Thanks for the suggestions. I was focussing on the blocking of the app where I should have also investigated URL blocking. Silly me.
11-28-2016 02:41 AM
Hi @rmiller1,
It might seem silly but are you decrypting the traffic ?
Snapchat traffic is encrypted and you might not see required payload to identify all the traffic correctly if you are not doing SSL decryption.
Adding URL blocking is helpfull but I'm seeing some URLs that might not be limited to Snapchat alone in which case you might be blocking some legitimate traffic.
Cheers,
-Kim.
11-28-2016 07:27 AM
That's why I recommended the URL Filtering, more than likely I can't imagine that you are going to be given the go ahead to decrypt student traffic.
11-28-2016 08:55 AM
Not decyprting traffic. I was able to interrupt the app usage with URL filtering. It's probably not "perfect" but it will be an annoyance to the kids.
11-28-2016 08:57 AM
@kiwi hopefully the URLs I blocked are specific to Snapchat. From my reserach in other places online the URLs seems to be related to Snapchat in particular.
12-05-2016 06:37 AM
And the kiddos are reporting it is working again - BAHH! SSL Decyrption may be the only true way to keep on top of it.
12-05-2016 07:07 AM
That's the bad things about trying to block by URL without using decryption; they can change these whenever they want and all they have to do is update the app.
12-05-2016 08:00 AM
I'm going to be Santa Claus and let them use the app for now... until it becomes a problem. I don't wish to decrypt SSL and place a certificate on the devices... especially because there are so many BYOD type of situations with a variety of hardware, etc...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
