How to disable Dropbox LAN sync. on pfsense



  • Dear All,

    i have around 80 machine on my network and the 80 doing sync for their data on dropbox ,

    am just trying to stop these thing

    what can i do using pfsense ?

    thanks


  • Netgate Administrator

    The LAN sync traffic between boxes on your LAN subnet does not go through pfSense at all (unless you have multiple internal subnets) and the cloud sync traffic uses port 80 so it's hard to block (deliberately!).

    Steve



  • I expect you can use the same strategy as discussed for FaceBook here: https://forum.pfsense.org/index.php/topic,69860.msg383922.html#msg383922

    It seems that the magic "AS" number for DropBox is AS19679 -  http://bgp.he.net/AS19679
    and the actual IP subnets allocated - http://whois.arin.net/rest/org/DROPB/nets

    I imagine if you block all those destination addresses your users will be knobbled.

    But, of course, if people can connect a VPN from their computer out to a VPN provider, then they can tunnel through and then out to DropBox (or whatever) via the VPN provider - it's a losing game really trying to block stuff.


  • Moderator

    Would the Policy rules of Snort Block this?

    2012647 tcp $HOME_NET any $EXTERNAL_NET $HTTP_PO… ET POLICY Dropbox.com Offsite File Backup in Use
    2012648 udp $HOME_NET 17500 any 17500                         ET POLICY Dropbox Client Broadcasting
    2804233 tcp $HOME_NET any $EXTERNAL_NET $HTTP_PO... ETPRO POLICY dl.dropbox Download
    2014313 tcp $EXTERNAL_NET $HTTP_PO... $HOME_NET any ET POLICY Executable Download From DropBox
    2017015 tcp $EXTERNAL_NET 443 $HOME_NET any ET POLICY DropBox User Content Access over SSL