Solved

how block whatsapp in my network ??

Posted on 2013-01-05
11
32,342 Views
Last Modified: 2013-01-11
Dear Sir

I want to block whatsapp access in my network, I am using Kerio control.
how can I block ??
0
Comment
Question by:spring80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 8

Expert Comment

by:stevepcguy
ID: 38746673
Not sure exactly what you mean. What type of network are you talking about? Whatsapp runs on smartphones. Is there a client app that runs on PCs?
0
 
LVL 18

Expert Comment

by:Andrej Pirman
ID: 38746691
It is probably very hard to do it on firewall level, since most firewalls (kerio too) are Layer 3 firewalls, so you would need to know all the IP addresses, which are in use with Whatsapp messenger. Which is utopia.

I suggest you "dirty" approach.
You might use Group Policy to push a firewall rule to client computers, which prevent c:\Program files\Whatsapp\whatever.exe from communicating with internet.

Also you might create a simple BATCH file, which runs from server, and scans all available IP's on your LAN, look for c:\Program files\whatsapp\whatever and try to delete whatsapp.exe or however it is called.

Or even more  - with above script you might just scan for Whatsapp installed in Program Files, and if found, push the new IP address to the client and move him/her into some weird IP subnet, for example, to 10.10.100.xxx range. Client will loose internet AND LAN connectivity and will call you for help. You will slowly respond, then you will examine his/her computer and diagnose, that he/she had WhatsApp installed, and that's why computer was "broken".
Few interventions like this and all will know that there is no kidding at work. :)

***EDIT***
Sorry, if this is for smartphone, my suggestions do NOT apply.
0
 

Author Comment

by:spring80
ID: 38746744
there is no whatsapp application in the windows , I want to disable whatsapp in all smartphones in my Network ,because it is waste of time in work time .

I block connection to port :5222 ,5223 , 5228 from my firewall
and I create a rule to block access to whatsapp.com and whatsapp.net but whatsapp application continue to work .

any idea ??
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 31

Expert Comment

by:Frosty555
ID: 38747773
From what I've read, whatsapp will use port 80 or 443 to try and bypass firewall restrictions. You would need an application layer firewall that is actually scrutinizing the contents of packets to block it.

Even then, any rules you make would only work when the smartphone is actually on your wifi network. Any phone using the 3G network is outside of your control and you can't block them.

So really there isn't anything you can do at a technical level. Instead, you should enforce a "no playing on cell phones" company policy.
0
 

Author Comment

by:spring80
ID: 38747996
sure I want to block whatsapp for the smartphone using our wifi network not for 3G sure.
so what IP should I block in my firewall ???
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 250 total points
ID: 38749375
you should block port 80 and 443 for corresponding IP
> so what IP should I block in my firewall ???
use nslooup or ping to get the ip

don't forget to ensure that your firewall closes all open connections, reboot if in doubt
0
 
LVL 31

Accepted Solution

by:
Frosty555 earned 250 total points
ID: 38749396
Unless Whatsapp actually publishes the list of IP addresses their servers use you will have to just do wireshark captures and nslookups on their domain names and try to grab IPs out of the air.

It's possible they have a couple servers that you can just block, but more likely is WhatsApp uses some kind of cloud distributed hosting like Amazon AWS. If that's the case the service is stored on a range of servers accessible from geographically distributed blocks of IPs, you can't really just block IPs.

Does Kerio Control have application-layer blocking or protocol inspection? E.g. block all Chat applications, or block protocols that have a keyword in them? That's your best bet for attempting to block the service.
0
 

Author Comment

by:spring80
ID: 38753733
yes Kerio control has application-layer blocking and protocol inspection ..

I try block all chat application but no luck .
how can I use the protocol inspection to block whatsapp ??
0
 

Author Comment

by:spring80
ID: 38753781
ok now I did it.
I successfully block whatsapp in my network .
I know now what ip and port is using by whatsapp and I block them.
trying many times from the firewall log and I did it.

thanks for all
0
 

Author Comment

by:spring80
ID: 38767753
I've requested that this question be closed as follows:

Accepted answer: 0 points for spring80's comment #a38753781
Assisted answer: 500 points for Frosty555's comment #a38749396

for the following reason:

thanks
0
 

Author Closing Comment

by:spring80
ID: 38767754
thanks
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Span IP Range across two sites via Cisco ASA Site-to-Site VPN 8 62
Dlink-DIR 816 router 4 40
HP 2530 switch and routing 4 58
Blocking outside IP Addresses 16 45
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question