PfBlockerNG blocking Whatspp? (SOLVED)



  • Hi,
    So previously I have been able to block whatsapp using a trail/error method by having an iphone and using an APP called firewall IP. Then once whatsapp connects it shows me the IP it was connected from that I would use a ipv subnet calculator to block it. But recently seems that whatsapp stepped up there IPs.

    Before it showed me IPs now it shows me dynamic dns but either way I open cmd and try to ping it which then it shows me the IP.

    The issue is not sure if its pfBlockerNG is blocking or if the subnet calculator is wrong for ex:

    e11.whatsapp.net –--- 108.168.174.12

    on my ipv4 list i have 108.168.0.0/8 which it should be from 108.0.0.1 to 108.255.255.254 and im pretty sure that goes in that range

    Or im open to suggestion if theres another way?

    Thank you


  • Moderator

    Hi killmasta93,

    Whatsapp is in the Softlayer Network. So you won't be able to arbitrarily block ranges…

    http://bgp.he.net/AS36351#_asinfo
    https://asn.cymru.com/cgi-bin/whois.cgi

    [Querying v4.whois.cymru.com]
    [v4.whois.cymru.com]
    AS      | IP               | AS Name
    36351   | 108.168.174.12   | SOFTLAYER - SoftLayer Technologies Inc.,US
    

    Did a quick google search and it looks like Whatsapp provides a complete IP address listing… You can probably just use that. Hope that helps.

    https://www.whatsapp.com/cidr.txt



  • Hi BBcan177,
    Thank you for the reply,

    So been at it for the past few days and not sure why.

    So i added your list but heres the funny thing.

    6.b1.a86c.ip4.static.sl-reverse.com is 108.168.177.6

    on the rules i have 108.168.177.0/27 which is 108.168.177.1-108.168.177.30

    On my computer I cannot ping it so in theory it is blocking

    but for some odd reason I can connect to the whatsapp on the iphone not sure how its possible

    Thank you





  • Moderator

    Did you clear any open Firewall states to those IPs?



  • yep just reset all states and no luck :(

    I remember i did this around last year, but i feel like they cranked up the IPs and now they seem to use dynamic DNS which is worse…but whats odd is that on my computer no ping but on the iphone it shows connected  :o



  • @killmasta93:

    now they seem to use dynamic DNS

    What you tried should have worked. You could also try dns blocking. Add whatsapp.com and it's subdomains (https://pentest-tools.com/information-gathering/find-subdomains-of-domain) to DNSBL in pfblockerNG, and force clients to use pfSense as DNS server (https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense)



  • Hi pf3000,
    Thanks for the reply. So this is what i tried nothing makes sense anymore  :-\

    Tried OpenDNS and it was working blocking the typical facebook then i went to navigate whatsapp.com also gets blocked but I connect my iphone immediately it connects to whatsapp. So failed miserably

    Then tried DNSBL when I did the Enable Domain/AS check it and added the list from the site you sent me and nothing :( but whats odd it shows that it gets blocked on the logs of the firewall I have no clue what is whatsapp servers doing.

    EDIT: BAM just blocked it it was using some IPs from amazon finally…. the whatsapp.txt has been updated I will keep it updated. I wonder how long until they update it :(

    http://www.mediafire.com/view/xnnzh0d00kbffpu/whatsapp.txt


Log in to reply