Facebook Application Misidentification?

Hi all,

I've been noticing a lot of TOR proxy activity hitting my application filter log and at first thought it unrelated, but the wonderful gem of social media, Facebook, stopped working.

The logs would always be from a 31.x/8 subnet and when I did a reverse IP it was owned by Facebook. I could try refreshing the app on my phone and it would sit there doing nothing, but as soon as I allowed TOR proxy the app kicked into life.

Is there an issue with Facebook app misclassification at the moment?

Emile



  • Hi Emile,

    Haven't seen this reported yet. Configure an Application Category for Facebook signatures and allow it inside the App policy which blocks it. 

    Any help with that?

  • Hi Sachin,

    That's weird, on my home XG it was all to do with the TOR Proxy but at the HO XG it is showing as Facebook Graph API. I've also been seeing Windows updates showing as Freegate Proxy and other legitimate traffic, it seems, being classified as Ares P2P.

    I'm going to have to sit down and do a proper controlled analysis of this, will come back to this :)

    Emile

  • Hi Emile, we shouldn't have to jump through hoops for XG to categorize applications correctly. Look at the pic below, both IPs are close enough yet one is correctly identified as Facebook and the other one is TOR. I agree that mostly the TOR traffic is for the 31.x.x.x subnet.

    And if I look at my high risk application report for TOR, I get this

  • Hi Billybob

    Getting the exact same!

    That was filtered to the TOR Proxy and there's been 125MB of traffic today, mostly from my wife's phone because she's a social aficionado on it.

    I think we may have a bigger problem here, what do you need from us, except from a controlled lab test? You should be able to perform the same, happy to provide my configuration details.

    Emile

  • Unknown said:
    That was filtered to the TOR Proxy and there's been 125MB of traffic today, mostly from my wife's phone because she's a social aficionado on it.

    Same here. She is using the iPhone app, if it makes a difference. The point is that many organizations have a social media presence these days and if you block high risk apps, Facebook would be randomly blocked for some people and not the others. I hate troubleshooting problems like that ;)
     
    Regards
    Bill
  • Hi All,

    I will test and do some internal R&D before answering this thread. Please give me some time.

    Thanks
