Snapchat

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Snapchat

L1 Bithead

Has anyone had success blocking Snapchat? We have a rule for blocking "bad" apps and Snapchat is presently in this list. In testing I can see that a reset-both occurs when the firewall detects the traffic and the application is recognized as Snapchat. The issue is that pictures are still able to be sent within the app... which means it isn't fully being blocked. The block does however not allow the texting portion within Snapchat (user to user). I have an open support case but thought I would post here too.

1 accepted solution

Accepted Solutions

That's why I recommended the URL Filtering, more than likely I can't imagine that you are going to be given the go ahead to decrypt student traffic. 

View solution in original post

12 REPLIES 12

Cyber Elite
Cyber Elite

Where is snapchat pulling the pictures from? My guess is that part is not being identified correctly and they pull it from servers that are not identified as Snapchat but instead identified under something else. I would setup a rule that monitors the traffic and then see if you can't get the domain or IP address of the pictures source and block that as well. 

I am seeing a variety of IP addresses in the list when monitoring. Some of the traffic is identified as google-base though... which is going to make this hard to block... considering we use Google Apps at school.

Hi rmiller1,

 

I would try testing by creating a new security policy just for my phones IP address, add in a URL filtering profile with all the actions set to 'alert'. Then use the app and see what domains/IPs the phone connects to, if you see a range of specific domain then you can create a policy to block this.

 

hope this helps,

Ben

That was what I was thinking of when I commented. When you are trying to find out addresses or URLs the best way to test them is to turn all traffic off but what you are testing. Of course you can't stop all unintended traffic but you can limit it, and by only using SnapChat while testing you should be able to filter out anything else your phone connects to. 

app.snapchat.com
snapchat-proxy.appspot.com
www.feelinsonice.com
sc-analytics.appspot.com

 

Found these via content filtering. Going to track down one of the kids, but the blocking of these significanly reduces the functionality of the app.

 

Thanks for the suggestions. I was focussing on the blocking of the app where I should have also investigated URL blocking. Silly me.

 

Community Team Member

Hi @rmiller1,

 

It might seem silly but are you decrypting the traffic ?

 

Snapchat traffic is encrypted and you might not see required payload to identify all the traffic correctly if you are not doing SSL decryption.

 

Adding URL blocking is helpfull but I'm seeing some URLs that might not be limited to Snapchat alone in which case you might be blocking some legitimate traffic.

 

Cheers,

-Kim.

 

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

That's why I recommended the URL Filtering, more than likely I can't imagine that you are going to be given the go ahead to decrypt student traffic. 

Not decyprting traffic. I was able to interrupt the app usage with URL filtering. It's probably not "perfect" but it will be an annoyance to the kids.

 

@kiwi hopefully the URLs I blocked are specific to Snapchat. From my reserach in other places online the URLs seems to be related to Snapchat in particular.

And the kiddos are reporting it is working again - BAHH! SSL Decyrption may be the only true way to keep on top of it.

That's the bad things about trying to block by URL without using decryption; they can change these whenever they want and all they have to do is update the app. 

I'm going to be Santa Claus and let them use the app for now... until it becomes a problem. I don't wish to decrypt SSL and place a certificate on the devices... especially because there are so many BYOD type of situations with a variety of hardware, etc... 

  • 1 accepted solution
  • 11581 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!