[unisog] Google Desktop (v4)

Michael Holstein michael.holstein at csuohio.edu
Fri Feb 10 21:54:19 GMT 2006

> We have not found a good way to ban this on a large scale, but I would 
> be very interested to see the results of your testing.  If you're able 
> to come up with a specific listing of IP addresses that the google 
> desktop uses to upload files to, would you be willing to share it with us?

So far, it looks like it resolves 'desktopservices.google' and 
'desktop.google' as well as 'google' itself.

There is some SSL traffic to the 'desktopservices' addresses, but I have 
to install it on a few more computers to see if my efforts to block the 
upload part are working.

It appears they're using their content delivery network under the 
standard 'google.com' domain to handle the traffic (dammit!).

My current thinking is to see if the SSL certificates for this 
application are different than the ones for gmail, etc. and if so, to 
attack the key exchange with snort and the REACT action.

I'll keep everyone posted.


Michael Holstein CISSP GCIA
Cleveland State University

PS: FWIW, everyone should pester google about publishing some sort of 
specification on how to handle blocking this application if doing so is 
part of corporate policy. They endevour to "do no evil" .. well, this 
app is stretching it, perticularly if they don't make available 
information to allow institutional policy enforcement.

More information about the unisog mailing list