topic Re: whatsapp not blocked on smartphone in OpenDNS

whatsapp not blocked on smartphone

54789123 — Sun, 31 Jan 2021 09:33:18 GMT

Hi,

I try to block whatsapp on my network using OpenDNS.

Web filtering is up. whatsapp.com and whatsapp.net are "always blocked" (see image).

Smartphone is in "plane mode", no data activated and only using the local wi-fi connection.

However, whatsapp application is working on the smartphone !?!? The web address whatsapp.com is indeed bloocked if opened with a networks browser but the whatsapp application working like a charm.

Does someone know if the smartphone application is using another domain (than whatsapp.com or .net) ? I do not see any other explanaition (alternatibely the IP noumber might be harcoded in the application but that sounds dumb).

best

Re: whatsapp not blocked on smartphone

rotblitz — Sun, 31 Jan 2021 16:25:59 GMT

“Does someone know if the smartphone application is using another domain (than whatsapp.com or .net) ?”

Yes, you got the right domains. But theoretically the WhatsApp app could use another DNS service or IP addresses if it sees that domains may be blocked.

Re: whatsapp not blocked on smartphone

54789123 — Sun, 31 Jan 2021 17:33:17 GMT

Digging more into the phone I discovered that Android is adding a second DNS to smartphone IP config which is a Google DNS (8.8.4.4.) as my wi-fi router is distributing only one DNS. As my NATed network is 10.0.0.0 I modifyed the network mask to avoid routing to 8.8.4.4 (mask /6 instead of mask /8). But whatsapp is still managing to connect despite this trick. It does not seem to be an IPv6 access so the last hypothesis is that there is a hardcoded DNS address in whatsapp. Unfortunately I do not have a monitor capable wi-fi card to sniff the wifi network and the access port is old and ... basic, it does not allow logging.

If someone knows the whatsapp DNS adresses I'm interssested in.

Re: whatsapp not blocked on smartphone

rotblitz — Sun, 31 Jan 2021 17:39:57 GMT

You go through your domain stats and raise an nslookup for those.

By the way, the network mask does not have impact on the DNS server addresses which can be any.

Re: whatsapp not blocked on smartphone

54789123 — Sun, 31 Jan 2021 17:52:37 GMT

There are blocked requests to whatsapp domains in the stats (but phone application still workings). I guess that I have to set un a network tap and sniff all the traffic between the wi-fi AP and router.

> By the way, the network mask does not have impact on the DNS server addresses which can be any.

Not as a DNS but you can trick the IPs. Assume that computer IP is 10.0.0.1 and mast is 252.0.0.0.

In that case the IP number 8.8.4.4. will appear as being on the local network to the PC. Then it will attemp to communicate directly without routing. It is a dirty networking trick. Not to use unless you know what you are doing.

Re: whatsapp not blocked on smartphone

rotblitz — Sun, 31 Jan 2021 20:47:42 GMT

Ah good, I understand.