Educause Security Discussion mailing list archives

Re: Skype on the network

From: Mike Porter <mike () UDEL EDU>
Date: Thu, 9 Apr 2009 11:32:44 -0400

On Wed, 8 Apr 2009, Brian Epstein wrote:

We find that supernodes contact a large number of remote hosts on a
daily basis.  If a supernode runs long enough, it can reach over
1,000,000 remote computers a day.  We disable any machine contacting
over some number of remote computers per day.  Skype or not.

We've also found that Skype will create as many supernodes within
your IP range as they see fit.  We've disabled 10 in one day at
times.

The bandwidth requirements of supernodes is not especially high,
however the number of remote hosts contacted generates a great deal
of NetFlow, which I believe is causing us to lose NetFlow data and
therefore compromises our ability to monitor the network.  I can not
see making an argument to increase our NetFlow resources in order to
support a vendor's servers.

Skype is a poor choice, in my opinion.  If Skype wants to run a
service like this, then they should install servers like eveyone
else.

Mike

Mike Porter
Systems Programmer V
IT/NSS
University of Delaware

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/08/2009 11:00 AM, Todd Bossaller wrote:
| I know this has been covered before but I would like to inquire again.
| Do you allow Skype on your network?  If not, why?
| Have you had issues with security?

We allow it.  It is widely used by many of our faculty and members.  I
haven't found many issues with it.  We do retain the right to throttle
or block it if something malicious does come to light.

Thanks,
Brian

- --
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Network and Security Officer            Institute for Advanced Study
Key fingerprint = 128A 38F4 4CFA 5EDB 99CE  4734 6117 4C25 0371 C12A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFJ3MgsYRdMJQNxwSoRAvURAJ0eMssZZBnbXmoxXxZDEvaZEwyFjwCguVW8
Y19DgD+JVoLclRzxNEIpWCI=
=cHyD
-----END PGP SIGNATURE-----


-
Mike Porter
PGP Fingerprint: F4 AE E1 9F 67 F7 DA EA  2F D2 37 F3 99 ED D1 C2

Current thread:

Skype on the network Todd Bossaller (Apr 08)
- <Possible follow-ups>
- Re: Skype on the network Di Fabio, Andrea (Apr 08)
- Re: Skype on the network Todd Clementz (Apr 08)
- Re: Skype on the network Brian Epstein (Apr 08)
- Re: Skype on the network Joel Rosenblatt (Apr 08)
- Re: Skype on the network Michael Sinatra (Apr 08)
- Re: Skype on the network Gary Dobbins (Apr 08)
- Re: Skype on the network Allan Williams (Apr 08)
- Re: Skype on the network Russ Leathe (Apr 09)
- Re: Skype on the network Mike Porter (Apr 09)
- Re: Skype on the network Todd Bossaller (Apr 09)