[unisog] Google Desktop (v4)
michael.holstein at csuohio.edu
Fri Feb 10 21:54:19 GMT 2006
> We have not found a good way to ban this on a large scale, but I would
> be very interested to see the results of your testing. If you're able
> to come up with a specific listing of IP addresses that the google
> desktop uses to upload files to, would you be willing to share it with us?
So far, it looks like it resolves 'desktopservices.google' and
'desktop.google' as well as 'google' itself.
There is some SSL traffic to the 'desktopservices' addresses, but I have
to install it on a few more computers to see if my efforts to block the
upload part are working.
It appears they're using their content delivery network under the
standard 'google.com' domain to handle the traffic (dammit!).
My current thinking is to see if the SSL certificates for this
application are different than the ones for gmail, etc. and if so, to
attack the key exchange with snort and the REACT action.
I'll keep everyone posted.
Michael Holstein CISSP GCIA
Cleveland State University
PS: FWIW, everyone should pester google about publishing some sort of
specification on how to handle blocking this application if doing so is
part of corporate policy. They endeavour to "do no evil" .. well, this
app is stretching it, particularly if they don't make available
information to allow institutional policy enforcement.