May 21, 2013

The Impossible Security Blog

How to block Google Drive using DNS

I did a little packet capture work and analyzed how Google Drive currently works, both from a web browser and from the fat client.

Based on those captures and some testing I was able to block the service fairly easily.

I’ve published a couple of bogus DNS records in my DNS server to more or less successfully block Google Drive.

The most important appear to be:

drive.google.com
(Direct web access using the subdomain)

clients3.google.com
upload.drive.google.com
(the fat client for windows resolves these at startup)

Gmail and Google searches still appear to work.
Google Docs, however, will not.

Based on some discovery regarding the numbering scheme for clients*.google.com, as well as what the above addresses resolve to, here’s the full list of names I am answering DNS requests for to block the service:

drive.google.com
clients1.google.com
clients2.google.com
clients3.google.com
clients4.google.com
clients5.google.com
clients6.google.com
clients.l.google.com
upload.drive.google.com
large-uploads.l.google.com

This may be overkill. Currently, answering DNS requests with zones for clients3.google.com as well as *drive.google.com (which includes upload.drive.google.com) with NXDOMAIN or 127.0.0.1 seems to do the job.

And the only ill effect I can see is that Google Docs no longer works.

I understand that this method isn’t foolproof; however, if you’re looking for a quick and easy way to effectively keep most of your users from accessing Drive, this method works fairly well.
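
As an added example (not from the original post), this Python script turns the host list above into Unbound `local-zone` entries that answer with either NXDOMAIN or 127.0.0.1, and checks which query names those zones cover. Unbound is an assumption, since the post does not name its DNS server, and the function names are hypothetical.

```python
# Added example: build Unbound blocklist entries from the post's host list.
# Unbound and all function names here are assumptions, not the author's setup.

BLOCKED = [  # hostnames copied from the post's full list
    "drive.google.com", "clients1.google.com", "clients2.google.com",
    "clients3.google.com", "clients4.google.com", "clients5.google.com",
    "clients6.google.com", "clients.l.google.com",
    "upload.drive.google.com", "large-uploads.l.google.com",
]

def normalize(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().lower().rstrip(".")

def covered_by(name, zone):
    """True if name is the zone itself or a subdomain of it.
    Matching is on label boundaries: notdrive.google.com is NOT covered."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)

def minimal_zones(names):
    """Drop entries a parent zone already covers (e.g. upload.drive...)."""
    zones = []
    for n in sorted({normalize(n) for n in names},
                    key=lambda n: (n.count("."), n)):
        if not any(covered_by(n, z) for z in zones):
            zones.append(n)
    return zones

def unbound_conf(names, sinkhole=None):
    """sinkhole=None answers NXDOMAIN; otherwise A queries get that address."""
    lines = ["server:"]
    for z in minimal_zones(names):
        if sinkhole is None:
            lines.append(f'    local-zone: "{z}." always_nxdomain')
        else:
            lines.append(f'    local-zone: "{z}." redirect')
            lines.append(f'    local-data: "{z}. A {sinkhole}"')
    return "\n".join(lines) + "\n"

def is_blocked(qname, names=BLOCKED):
    """Would a query for qname fall inside one of the blocked zones?"""
    return any(covered_by(qname, z) for z in minimal_zones(names))

if __name__ == "__main__":
    print(unbound_conf(BLOCKED))               # NXDOMAIN variant
    print(unbound_conf(BLOCKED, "127.0.0.1"))  # loopback variant
```

Validate the generated file with `unbound-checkconf` before reloading the resolver.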

PSN Hacker Found

Extremely dangerous. Proceed at your own risk. :-)

This whole Wardriving Arizona thing... did it work?

I know my previous post was a bit negative, and despite the many honest truths within I like to think that we do make a difference.

I am so done with simple Wireless that it isn’t even funny, but looking back at the statistics I can agree that what was done was well worth it.

The last Wireless map I generated sometime in 2004 or so had around 20,000 access points mapped in the Metro Phoenix area.

While that number is now in the millions, one thing has changed, and that is the number of encrypted access points.

Back in 2004 less than 20% of networks were protected. According to wigle.net statistics in 2010 those numbers have improved significantly.

Networks with crypto: (47.8%)
Networks without crypto: (34.3%)
Networks crypto unknown: (17.7%)

So, what comes next? What can we improve next? Whose pants keep falling down, and how can we get them a belt? Crack Kills, let’s give em a hand here. ;)

The Biggest Vulnerability Of Them All

Technology has become so complex that it is impossible to protect everything.

Security is not software, security is not something you can buy, security is not something you can expect people who do not specialize in security to respect. Therefore, when you have people using systems that share information, and those people demand things that allow them to make technology choices that they should not be making, you have a big problem.

If you believe otherwise you are either naive, or spent a lot of money on something and refuse to see the truth.

If there is anything to be said about Security it is that nothing is secure. The more you learn, the more you realize how flawed everything is. Security is an illusion, and people who should not be connected because they cannot handle the responsibility of protecting themselves demand it. They paid their $79 subscription fee to McAfee, and it may buy them peace of mind, but it does not buy them security. The day the user stops blaming the computer, stops blaming the software, and starts blaming themselves because they finally found that they are the gaping security flaw is the day that I regain faith in what security can be. Until then, all I can do is do my best to help when I can and where I can, realizing that we may never be able to correct the biggest flaw of all, the people bug.