Firewall Wizards mailing list archives

Re: Blocking Google Talk

From: Devdas Bhagat <dvb () users sourceforge net>
Date: Wed, 21 Jun 2006 12:48:45 +0530

On 20/06/06 11:04 -0700, Mike Powell wrote:
<snip>

It would be, if it actually happened that way. XMPP is supposed to use
port 5222. None of our users can get out on port 5222, and I see the
connections being successfully blocked in the logs. The Google Talk
client then goes on to make connections on ports 80 and 443 and happily


According to TFM on talk.google.com

http://www.google.com/support/talk/bin/answer.py?answer=27930&query=proxy&topic=0&type=f

Google talk falls through to 443/tcp if you block port 5222. Google talk
is also proxy (and proxy authentication) aware, so merely putting those
up as requirements will not help. Blocking it in the proxy (as you have
done) will work though.
<snip>

This isn't a bandaid. Oh, and if you really want to stop the
problem, why not just prevent the installation of the 
software in the first place? [...]


Hey, what a great idea! FYI, I have installed Google Talk onto a machine
using an unprivileged domain user account. The google talk installer
will not let you continue with the install pointed into c:\Program
Files, but if you choose a directory that you as a user have full access
to (such as your own desktop), the installer will allow you to complete
and Google Talk will successfully start up. It won't add itself to the
Add/Remove Programs section if you are not a local admin, but it will
copy its files and allow the user to run it. Again, to me it sounds like
someone spent a lot of effort to make sure that non-admin users with
only limited internet connectivity (proxied http connections on ports 80
and 443) would be able to successfully run the google talk client.

Interesting. I don't have a MS Windows machine around here to test, so I
can't confirm that behaviour. Someone else should be able to though.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Blocking Google Talk, (continued)
- Re: Blocking Google Talk Paul D. Robertson (Jun 19)
  - Re: Blocking Google Talk Frank Knobbe (Jun 19)
    - Re: Blocking Google Talk R. DuFresne (Jun 20)
    - Re: Blocking Google Talk Devdas Bhagat (Jun 20)
    - Re: Blocking Google Talk Frank Knobbe (Jun 20)
    - Re: Blocking Google Talk Dale W. Carder (Jun 21)
    - Re: Blocking Google Talk Oliver Humpage (Jun 21)
    - Re: Blocking Google Talk James (Jun 27)
    - Re: Blocking Google Talk Paul D. Robertson (Jun 27)
- Re: Blocking Google Talk Mike Powell (Jun 20)
  - Re: Blocking Google Talk Devdas Bhagat (Jun 21)
  - Re: Blocking Google Talk Jon Czerwinski (Jun 21)
  - Re: Blocking Google Talk Jim Seymour (Jun 21)