Full Disclosure mailing list archives
RE: blocking SkyPE?
From: <lists-security () nettracers com>
Date: Tue, 25 Jan 2005 00:04:45 -0800
Full-Disclosure aspect: knowing the capabilities and limitations of the various firewalls employed. How policies can be violated without detection. Vendors and open-source community need to push to solve these real world problems.
...but the real question is: can they detect SkyPE specifically?
This is from a Fortigate with factory release NIDS, AV and IPS databases - nothing custom - (someone with a checkpoint and others may pipe in here with their capabilities):

On Status page:

Recent Intrusion Detections
Time                 Src/Dst                  Service  Attack Name
2005-01-24 22:35:16  10.0.0.12 206.14.209.40  http     skype Skype

In Alert Log:

2005-01-24 22:35:16 log_id=1421051110 type=ips subtype=signature pri=alert vd=root attack_id=109051909 src=10.0.0.12 dst=206.14.209.40 src_port=3743 dst_port=80 src_int=port1 dst_int=port2 status=detected proto=6 service=http msg="p2p: skype,[Reference: http://www.fortinet.com/ids/ID109051909]"

I am not blocking skype traffic or the kazaa traffic that is detected, but use this info to quantify the use of the network and to throttle bandwidth if needed to maintain QOS for business-critical functions. Once you muck with the priority of skype traffic, its utility as a usable telephone disappears. I think that Virgin Mobile has a cool invention called the cellular phone that most corporate skype users will find has better quality anyway.

BTW, I found this statement on the skype firewall info page to be laughable, and since I like to laugh, I read it twice:

"Ideally, outgoing TCP connections to all ports (1..65535) should be opened. This option results in Skype working most reliably. This is only necessary for your Skype to be able to connect to the Skype network and will not make your network any less secure."

...sure no egress limiting makes for a real secure network. I'll remember that 2bits worth of advice for my next consulting gig. I just had to argue this point with a user last week who quoted that exact line...he sounded real convincing too, and said "TCP" as if he really understood what he was talking about.

Good Luck!
- Bryan K. Watson
- bwatson () nettracers com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
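The alert-log line quoted in the message above, parsed and tallied per internal host and p2p application, as an added example that is not part of the original post or Fortinet's code. Only the first sample line comes from the message; the other lines, the "p2p: kazaa" message text and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Line 1 is the alert quoted in the message. The other lines are constructed
# samples in the same layout: ids zeroed, 192.0.2.x addresses, assumed msg text.
SAMPLE_LOG = '''\
2005-01-24 22:35:16 log_id=1421051110 type=ips subtype=signature pri=alert vd=root attack_id=109051909 src=10.0.0.12 dst=206.14.209.40 src_port=3743 dst_port=80 src_int=port1 dst_int=port2 status=detected proto=6 service=http msg="p2p: skype,[Reference: http://www.fortinet.com/ids/ID109051909]"
2005-01-24 22:41:03 log_id=0 type=ips subtype=signature pri=alert vd=root attack_id=0 src=10.0.0.12 dst=192.0.2.7 src_port=3750 dst_port=443 src_int=port1 dst_int=port2 status=detected proto=6 service=https msg="p2p: skype,[Reference: constructed]"
2005-01-24 22:50:47 log_id=0 type=ips subtype=signature pri=alert vd=root attack_id=0 src=10.0.0.31 dst=192.0.2.99 src_port=1214 dst_port=1214 src_int=port1 dst_int=port2 status=detected proto=6 service=tcp/1214 msg="p2p: kazaa,[Reference: constructed]"
2005-01-24 23:02:10 log_id=0 type=ips subtype=signature pri=alert vd=root attack_id=0 src=10.0.0.40 dst=192.0.2.50 src_port=4001 dst_port=80 src_int=port1 dst_int=port2 status=detected proto=6 service=http msg="web_server: constructed non-p2p alert"
truncated line with no timestamp
'''

TS_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+')
# key=value pairs; a value is either double-quoted (may hold spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
P2P_RE = re.compile(r'^p2p:\s*([^,\[]+)')

def parse_line(line):
    """Return the alert as a dict, or None if the line has no leading timestamp."""
    ts = TS_RE.match(line)
    if not ts:
        return None
    rec = {"time": ts.group(1)}
    for key, quoted, bare in FIELD_RE.findall(line[ts.end():]):
        rec[key] = quoted if quoted else bare
    return rec

def p2p_usage(log_text):
    """Count detected p2p signature hits per (source host, application)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("type") != "ips" or rec.get("status") != "detected":
            continue
        app = P2P_RE.match(rec.get("msg", ""))
        if app:
            hits[(rec.get("src", "?"), app.group(1).strip().lower())] += 1
    return hits

if __name__ == "__main__":
    for (src, app), count in p2p_usage(SAMPLE_LOG).most_common():
        print(f"{src:<12} {app:<8} {count}")
```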