Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Amazon Appstore PEF Rules

  • 1.  Amazon Appstore PEF Rules

    Posted Sep 11, 2014 01:46 PM

    I'm trying to provide access to our Kindle devices to the Amazon Appstore before authenticating on our captive portal network. I've found very little, and I've attached an Android device and tried to check the datapath session table, but the Kindle was trying to reach a lot of destinations.

     

    Here are networks I was allowing:

     

    72.21.0.0/16

    184.84.227.3/32

    207.171.162.142/32

    216.137.33.0/24

     

    I was allowing ports 80 and 443 and not seeing any denies to these addresses when checking.

     

    Thanks in advance,

     

    Rosie



  • 2.  RE: Amazon Appstore PEF Rules

    EMPLOYEE
    Posted Sep 11, 2014 01:53 PM
    You should sniff to see what dns names are being looked up and allow the domains instead of IP blocks.
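
Added example, not part of the original thread: one way to carry out the suggestion in reply 2, listing the DNS names a client looks up so that hostnames rather than IP blocks go into the pre-authentication rules. It assumes the UDP port 53 payloads have already been exported from the capture; `parse_qname`, `queried_names`, `build_msg` and `SAMPLE` are hypothetical names, and the sample payloads are constructed.

```python
import struct
from collections import Counter

def parse_qname(msg, off=12):
    """Decode the first question name of a DNS message (RFC 1035 labels)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels)
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        if off + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + n].decode("ascii").lower())
        off += n

def queried_names(payloads):
    """Count the names asked for in DNS queries; skip responses and junk."""
    seen = Counter()
    for p in payloads:
        if len(p) < 12:
            continue
        _txid, flags, qdcount = struct.unpack("!HHH", p[:6])
        if flags & 0x8000 or qdcount == 0:   # QR bit set = response
            continue
        try:
            seen[parse_qname(p)] += 1
        except ValueError:                   # malformed or non-ASCII name
            continue
    return seen

def build_msg(name, flags=0x0100):
    """Constructed sample data: a one-question DNS message for `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack("!HHHHHH", 1, flags, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

# Constructed payloads; the two hostnames are ones named in this thread.
SAMPLE = [
    build_msg("mas-ext.amazon.com"),
    build_msg("MAS-EXT.amazon.com"),                     # same name, mixed case
    build_msg("amzdigitaldownloads.edgesuite.net"),
    build_msg("mas-ext.amazon.com", flags=0x8180),       # response: ignored
    b"\x00\x01",                                         # too short: ignored
]

if __name__ == "__main__":
    for name, count in sorted(queried_names(SAMPLE).items()):
        print(f"{count:3d}  {name}")
```

Repeating the capture across several download attempts and merging the counts shows which names stay constant while the resolved addresses change.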


  • 3.  RE: Amazon Appstore PEF Rules

    Posted Sep 11, 2014 04:01 PM

    I did a pcap and used ClearSight Analyzer to read it and produce host names where applicable, and was able to get the Amazon Appstore to load and browse apps but not download apps. The NAT addresses looked like they were going to an Akamai server and several other IPs that changed each time I tried to redownload an app or download a different app.

     

    Any other thoughts? I am so close!



  • 4.  RE: Amazon Appstore PEF Rules

    EMPLOYEE
    Posted Sep 12, 2014 12:29 AM

    I've seen multiple devices go to different destinations, and it's also different by region. Here is the complete list of the ones that I have seen.

     

    Kindle Fire CNA


    http://spectrum.s3.amazonaws.com/kindle-wifi/wifistub.html

     

    Google Play (aka Android Market)


    android.clients.google.com - google play access
    .ggpht.com - download app from google play store

    Additional (these resolved IPs may not match your local environment):
    android.clients.google.com - 74.125.103.138, 74.125.239.128~135, 137, 142
    android.pool.ntp.org
    googleusercontent.com - 74.125.239.138~140, 74.125.239.42~44
    gstatic.com - 74.125.239.47
    accounts.google.com - 74.125.22.84
    clients1.google.com - 74.125.228.0~9,14
    www.google-analytics.com - 74.125.228.32
    i.ytimg.com - 74.125.239.32~41, 46
    lh6.ggpht.com - 74.125.239.42~44

     

    Amazon Market


    amzdigitaldownloads.edgesuite.net



  • 5.  RE: Amazon Appstore PEF Rules

    Posted Sep 12, 2014 08:32 AM

    For amazon I've added:

     

    mst-ext.amazon.com

    mas-ssr.amazon.com

    mas-ext.amazon.com

    applab-sdk.amazon.com

    72.21.0.0/16

    184.84.227.3

    207.171.162.142

    216.137.33.0

     

    But ultimately I'm just putting a local copy of the APK that they'll need to download because what a pain!