Blocking Google Talk

["Mike Powell" <mikep () dri-eaz com>]

Does anyone have any ideas for blocking Google's new Google Talk client
without blocking the Google web site? The IP addresses that the Talk
client uses are the same addresses that resolve for Google. Even more
difficult, Google doesn't have reverse (PTR) records to be able to
usefully filter traffic to raw IP addresses. Even if they did, since the
addresses are the same as for Google's web traffic (see above), blocking
addresses used by the Talk client would break access to the Google
website. 

Also, even though the documentation on the Google Talk web site states
that the Google Talk client uses port 5222 (which we are successfully
blocking), it seems to work just fine even if port 5222 is blocked and
the only access is port 443(SSL). I know that it is working this way
because I have tracked this in the logs, and it tries to connect on
5222, but also makes connections on 443 and then just keeps on going
like there was no problem at all.

We filter our internet-bound traffic through Microsoft's ISA 2004, and
it is protocol-aware for http (port 80 and 443) traffic, so I can't
think of a way to block the port 443 traffic as it appears to go through
the ISA server as a valid SSL connection, just like someone browsing an
SSL website.

I'm really stuck on this. We only allow web access on ports 80 and 443
by corporate policy, yet a ton of our people are using this software.
Help!
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards