Re: [fw-wiz] Blocking Google Talk



On 20/06/06 11:04 -0700, Mike Powell wrote:
<snip>
> It would be, if it actually happened that way. XMPP is supposed to use
> port 5222. None of our users can get out on port 5222, and I see the
> connections being successfully blocked in the logs. The Google Talk
> client then goes on to make connections on ports 80 and 443 and happily

According to TFM on talk.google.com

http://www.google.com/support/talk/bin/answer.py?answer=27930&query=proxy&topic=0&type=f

Google Talk falls through to 443/tcp if you block port 5222. Google Talk
is also proxy (and proxy authentication) aware, so merely putting those
up as requirements will not help. Blocking it in the proxy (as you have
done) will work though.
<snip>

> > This isn't a bandaid. Oh, and if you really want to stop the
> > problem, why not just prevent the installation of the
> > software in the first place? [...]
>
> Hey, what a great idea! FYI, I have installed Google Talk onto a machine
> using an unprivileged domain user account. The Google Talk installer
> will not let you continue with the install pointed into c:\Program
> Files, but if you choose a directory that you as a user have full access
> to (such as your own desktop), the installer will allow you to complete
> and Google Talk will successfully start up. It won't add itself to the
> Add/Remove Programs section if you are not a local admin, but it will
> copy its files and allow the user to run it. Again, to me it sounds like
> someone spent a lot of effort to make sure that non-admin users with
> only limited internet connectivity (proxied http connections on ports 80
> and 443) would be able to successfully run the Google Talk client.

Interesting. I don't have a MS Windows machine around here to test, so I
can't confirm that behaviour. Someone else should be able to though.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
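
The fall-through discussed in this message (5222 denied at the firewall, then a CONNECT to 443 through the proxy) can be confirmed by correlating the two logs per client. The script below is an added example, not part of the original message: the log lines are constructed, the firewall line layout and the 30 second window are assumptions, and the proxy lines assume Squid's native access.log field order.

```python
# Added example. Both log samples are constructed; the firewall layout is hypothetical.
FIREWALL_LOG = """\
1150826640 DENY tcp 10.1.1.23:3381 -> 192.0.2.10:5222
1150826700 DENY tcp 10.1.1.40:3402 -> 192.0.2.10:5222
1150826710 DENY tcp 10.1.1.51:1029 -> 198.51.100.7:25
"""
# Assumed Squid native fields: time elapsed client code/status bytes method URL user peer type
PROXY_LOG = """\
1150826643.512 120 10.1.1.23 TCP_MISS/200 4312 CONNECT talk.google.com:443 - DIRECT/192.0.2.10 -
1150826650.001 80 10.1.1.23 TCP_MISS/200 900 GET http://www.example.com/ - DIRECT/203.0.113.5 text/html
1150826702.100 95 10.1.1.40 TCP_DENIED/403 1400 CONNECT talk.google.com:443 - NONE/- text/html
1150830000.000 60 10.1.1.51 TCP_MISS/200 2000 CONNECT bank.example.com:443 - DIRECT/203.0.113.9 -
"""
XMPP_PORT = "5222"
WINDOW = 30  # seconds between the denied 5222 attempt and the proxy CONNECT (assumption)


def denied_xmpp(fw_text):
    """Return {client_ip: [timestamps]} for denied outbound connections to port 5222."""
    denies = {}
    for line in fw_text.splitlines():
        f = line.split()
        if len(f) != 6 or f[1] != "DENY":
            continue
        src_ip = f[3].rsplit(":", 1)[0]
        dst_port = f[5].rsplit(":", 1)[1]
        if dst_port == XMPP_PORT:
            denies.setdefault(src_ip, []).append(int(f[0]))
    return denies


def fallthrough(fw_text, proxy_text, window=WINDOW):
    """List (client, destination, blocked_by_proxy) for CONNECTs to :443 that a
    client made within `window` seconds after one of its denied 5222 attempts."""
    denies = denied_xmpp(fw_text)
    hits = []
    for line in proxy_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT" or not f[6].endswith(":443"):
            continue
        ts, client = float(f[0]), f[2]
        if any(0 <= ts - d <= window for d in denies.get(client, [])):
            hits.append((client, f[6], f[3].startswith("TCP_DENIED")))
    return hits


if __name__ == "__main__":
    for client, dest, blocked in fallthrough(FIREWALL_LOG, PROXY_LOG):
        print(client, dest, "blocked at proxy" if blocked else "ALLOWED by proxy")
```

A destination reported as allowed is one the proxy rule does not yet cover; one reported as blocked shows the proxy rule catching the fall-through.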


