Blocking Google Talk in your Organization

Recently I was assigned the task of Blocking Google Talk service for the organization I work.

In Google Talk Developer Info: it was told that the Google Talk service runs at url: talk.google.com at port 5222. Tracert revealed that talk.google.com points to talk.l.google.com @ 209.85.137.125.

But: Blocking 209.85.137.125 at port 5222 does not block Google Talk service.

Then I used WildPackets.com’s OmniPeek Personal Edition to probe out a packet level analysis.

Google Talk uses Port 80, Port 443 and Port 5223 other than Port 5222 for its communication purposes. Also: Google Talk connects to 216.239.37.125, 72.14.253.125 and 72.14.217.189 other than 209.85.137.125.

Blocking all these 4 addresses blocks Google Talk at both Browser and Talk Client. Note: This does not disable Google mail.

Bottom line: Block access to 216.239.37.125, 72.14.253.125, 72.14.217.189 and 209.85.137.125 on ports 80, 443, 5222 and 5223.

Note1: This is one of the measures to Block Google Talk. Meebo has an option wherein one can logon to any IM network., including Google, MSN and Yahoo!. So does Kool IM, eBuddy and ILoveIM. So you got to block these sites too if you want to curb IM misuse.

Note2: Geeks will get on a workaround like using an SSH Tunnel, public proxies, TOR, etc., In order to circumvent this., you got to use thirdparty traffic shapers like Akonix IM Control, Websense, etc., that sniff out Jabber traffic and prevent usage of proxies.

Note3: If you want to Block File Transfers in Google Talk block Ports 20 and 21.

Note4: This blocks Google Talk Gadget too !!!

About these ads

16 thoughts on “Blocking Google Talk in your Organization

  1. Hi
    Nice piece of info you shared …

    But I believe that these IP also varies time to time. Me on linux ;)
    Not sure. Please confirm.

    Thank you
    Tom

  2. Hi Tom,

    I’m sure they run on Static IP’s. Google has their own ISP.

    I’m personally following this in my organization, till date there has not been any breach. I check it every week and so far they haven’t changed it!

  3. Pingback: past … present … future « CS Shyam Sundar’s Weblog

  4. hello,

    i have tried the above method (PORT) but it also blocks yahoo IM. Any other specific port numbers for Google talk .. I just want to block google talk and gmail but allow yahoo messenger…. Pls

  5. hi there,

    i have added following line to my ip firewall to block gtalk but it doesn’t work.!!!

    ipfw add 033 deny all from any to 216.239.37.125/32,72.14.253.125/32,72.14.217.189/32,209.85.137.125/32 dst-port 80,443,5222,5223 out via bge0

    is there anything else i need to tweak?

    i am using freebsd 7 with squid 3.14.

    Thanks,

  6. Pingback: [APP] GrooVe IP - Google Voice VoIP - Page 17 - Android Forums

  7. Pingback: note.id.lv » Block google translate usage as a proxy.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s