Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 28 subscribers
  • Views 22130 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't seem to block IRC chat

Gary Parr

Hi all,

 

XG Home user here, trying to setup some policies before I give my kid her first laptop. I wanted to see if I could block chat services at first, and one of the built-in chat clients on the Linux Mint install I used was HexChat, an IRC client. So, I've created a firewall rule that uses her laptop MAC address as the source device from LAN to WAN.  I then added to this firewall rule a custom web policy which blocks online chat. I then added a custom application filter that blocks, among other things, the IRC network service.

Imagine my surprise when I fire up HexChat on her laptop and it just connects to irc.spotchat.org on the default IRC port 6667 like a happy little camper with no issues.

I'm 99% sure her laptop is hitting this rule. If I disable logging on every other rule and only log on this one, I can see real-time logs of traffic from her IP.  The IRC network traffic shows up in the XG "Live Connections" tab as "other applications" rather than IRC.

Does this mean that XG doesn't recognize IRC chat or is there something I'm overlooking?

Thanks!



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I would suspect that the site you are accessing is not classified in the XG as an IRC site. There is an ongoing discussion about classifications. For home users we can only post failures like this on the forum and hope that one of the mods picks up the details.

    Ian

  • 0 in reply to rfcat_vk

    Interesting. The domain itself is recognized as "online chat" when using the URL Category Lookup on the diagnostics, and is correctly blocked if I use a browser. The IRC client however, has no problem getting through.

    I thought IRC blocking through the Application Filter was based on identifying the actual network packets passing through XG rather than by host matching. Unless I'm completely wrong about how XG works, I'd assume that any IRC traffic should be blocked regardless of what the target URL was.

    Thanks,

    Gary

Reply
  • 0 in reply to rfcat_vk

    Interesting. The domain itself is recognized as "online chat" when using the URL Category Lookup on the diagnostics, and is correctly blocked if I use a browser. The IRC client however, has no problem getting through.

    I thought IRC blocking through the Application Filter was based on identifying the actual network packets passing through XG rather than by host matching. Unless I'm completely wrong about how XG works, I'd assume that any IRC traffic should be blocked regardless of what the target URL was.

    Thanks,

    Gary

Children
  • 0 in reply to Gary Parr

    No, the blocking only works on web pages, you would have to create a firewall rule that blocked that port or port range.

    Ian

  • 0 in reply to rfcat_vk

    Ian, I believe we are confusing the Web Policy and Application Control. The first is only for URL over HTTP(S) while the latter should be URL agnostic.  As an example, I can enable a single application filter to block the SSH protocol. When this filter is applied on a firewall rule, it blocks all SSH traffic caught by that rule regardless of destination URL. It is this application filter I'm attempting to use. IRC is identified as a network protocol, just like SSH, and as such any IRC traffic should be stopped when the rule is engaged.