Re: Blocking Skype on ISP level

[Jochen Kaiser <Jochen.Kaiser () rrze uni-erlangen de>]

This can be achieved by using an IDP system and blocking the
appropriate p2p protocol (I forgot which one. overnet?). 
An IDP is a device which works with signatures as known from
IDS-Systems and instead of reporting malicious activity
it blocks packets or connections. Therefore it must be placed
in your forwarding path.

At the moment, there are fast linux based appliances which are
capable of forwarding a few hundred megabits depending on the
ruleset. (It is worth to mention, that the bandwidth is not the
problem here, but that you will get jitter and delays by using
a forwarding device in software where asics/fpga should be used.
So as an ISP who shall grant best quality for all customers the
usage of a software based IDP may not be the appropriate way.
For the end customer it may be the right choice.)

regards,
jk



On Mon, Apr 04, 2005 at 01:51:44PM +0400, AH AH wrote:
> Some ISPs are blocking Skype traffic on their networks, does anyone
> know how did they succeed in doing that? as per the analysis done on
> the skype peer to peer internet telephony protocol paper
> http://arxiv.org/ftp/cs/papers/0412/0412017.pdf
> Skype still succeeds in bypassing  firewalls and NAT devices, i would
> like to have the public feedback on the best ways to block it on the
> ISP level.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/