Forums, Facebook, Google, Twitter

[vefatica]

I logged onto the forums at 15:40:24 while logging IP traffic between my computer and 172.217.*.* (Google), 31.13.*.* (Facebook), and 199.16..*.* (Twitter) and walked away from the computer for 10 minutes. When I returned, I found 729 connections, extending over a period of 2.5 minutes, 545 with Google, 139 with Facebook, and 45 with Twitter.

I'd expect a few connections at first (to get icons, at least). But I must wonder ... what else is going on? I'm not complaining. I just want to know how it works.

The log file (not particularly interesting) is attached.

 

[vefatica]

Enabling Quantum's "Tracking Protection" got rid of the Facebook and Twitter connections with no ill effects (so far).

Firewalling outbound connections to a few (64K) Google hosts took care of the Google ones, again with no ill effects (so far).
Navigating the forums is a little faster.

 

[Charles G]

How would I determine the range for firewalling outbound connections for Google; I do use Gmail. etc for email.....

Is there a chance that @vefatica could export his google outbound rules and I could test his? I do not really want to play around with the firewall.....

 

[vefatica]

These are the commands I used (elevated) to create the filters. I'll attach an export if I can get one.

netsh advfirewall firewall add rule name=aagoogle_ dir=out action=block enable=yes localip=any remote=172.217.0.0/16
netsh advfirewall firewall add rule name=aagoogle2_ dir=out action=block enable=yes localip=any remote=216.58.192.0/19

Whether the'll work for you is very iffy. Google's network is vast.

I figured all this out by brute force and trial and error (and with my fingers crossed). If you have a packet sniffer, just filter for ports 443 and 80 and connect to the forums. You might want to try Microsoft's "Message Analyzer" (supposed replacement for "Network Monitor"). It's free and easy to install (need a reasonably new DotNet). I haven't mastered it's use.

You can also do "ipconfig /displaydns". I have no Google hosts in there normally (verify that). After connecting to the forums, I have several (but do that soon after connecting because those entries don't have a very long "time-to-live".. Just looking at the source for the forums's home page, I see

<link href='//fonts.googleapis.com/css?family=PT+Sans:400,700|Open+Sans:400,700' rel='stylesheet' type='text/css'>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>

Once you have a few google IPs, you can go to www.arin.net and use their "whois" service (or your own whois if you have one) to get IP ranges.

Good luck. Please let us know how you make out.

Exported GOOGLERULES.TXT is attached.

 

[Charles G]

ipconfig /displaydns > displaydns.txt is attached....

 

[Joe Caverly]

My hosts file blocks the majority of the nasties.

http://winhelp2002.mvps.org/
http://www.hostsfile.org/

Joe

 

[vefatica]

ipconfig /displaydns > displaydns.txt is attached....

Looking at that, it doesn't look like you were connected to the forums when you collected that data. When not connected to the forums, I see nothing.

v:\> ipconfig /displaydns | grep google

v:\>

When connected to the forums, I see

v:\> ipconfig /displaydns | grep google | grep -v Record | sort | uniq
    ajax.googleapis.com
    apis.google.com
    clients.l.google.com
    clients1.google.com
    fonts.googleapis.com
    googleadapis.l.google.com
    googleapis.l.google.com
    gstaticadssl.l.google.com
    plus.google.com
    plus.l.google.com
    www.google.com

v:\>

I have a utility called WHOISIP.EXE (free). Wrapped in an alias (wi) and used on those hostnames, I get a good idea what IPs to try blocking.

v:\> do host in @clip: (wi %host & echo.)
Country:      USA - California
Owner Name:   Google LLC
CIDR:         172.217.0.0/16
From IP:      172.217.0.0
To IP:        172.217.255.255
CIDR:           172.217.0.0/16
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         172.217.0.0/16
From IP:      172.217.0.0
To IP:        172.217.255.255
CIDR:           172.217.0.0/16
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         216.58.192.0/19
From IP:      216.58.192.0
To IP:        216.58.223.255
CIDR:           216.58.192.0/19
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         172.217.0.0/16
From IP:      172.217.0.0
To IP:        172.217.255.255
CIDR:           172.217.0.0/16
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         172.217.0.0/16
From IP:      172.217.0.0
To IP:        172.217.255.255
CIDR:           172.217.0.0/16
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         216.58.192.0/19
From IP:      216.58.192.0
To IP:        216.58.223.255
CIDR:           216.58.192.0/19
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         172.217.0.0/16
From IP:      172.217.0.0
To IP:        172.217.255.255
CIDR:           172.217.0.0/16
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         172.217.0.0/16
From IP:      172.217.0.0
To IP:        172.217.255.255
CIDR:           172.217.0.0/16
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         216.58.192.0/19
From IP:      216.58.192.0
To IP:        216.58.223.255
CIDR:           216.58.192.0/19
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         172.217.0.0/16
From IP:      172.217.0.0
To IP:        172.217.255.255
CIDR:           172.217.0.0/16
Country:        US

Country:      USA - California
Owner Name:   Google LLC
CIDR:         172.217.0.0/16
From IP:      172.217.0.0
To IP:        172.217.255.255
CIDR:           172.217.0.0/16
Country:        US

 

[Charles G]

c:\> ipconfig /displaydns > displaydns.txt
while connected to this thread....
and using the HOSTS file from the first website earlier in this thread, think posted today.