Nmap Development mailing list archives
Re: Skype v2 in the news
From: "Adam Vartanian" <flooey () gmail com>
Date: Fri, 7 Jul 2006 08:30:22 -0700
> I've looked at a lot of Skype fingerprint output and poked at a number of Skype-owned ports. As long as an HTTP GET request isn't sent, the data that comes back looks totally random. I'm sure the initial data is meaningful in some way (session key, public key, RC4 stream, etc.) but it certainly isn't obviously patterned. Considering the service versioning isn't interactive (can't interact with the data received), I don't think it is possible to develop a fingerprint that isn't based on voodoo.
That's the same result that I got when I looked at it. Once the client sends 14 bytes of data, the service responds with 14 bytes of random-looking data. Since 14 bytes is the proper length for a 112-bit 3DES key, my guess is that it's a DH key exchange, but that's truly a complete guess.
> I'd be interested in hearing any other thoughts on the headache that is Skype.
I pretty much came to the same conclusion, that the scripting module (or something like it) will be necessary to detect it.

- Adam

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Skype v2 in the news doug (Jul 07)
- Re: Skype v2 in the news Brandon Enright (Jul 07)
- Re: Skype v2 in the news Adam Vartanian (Jul 07)
- Re: Skype v2 in the news Brandon Enright (Jul 07)
- Re: Skype v2 in the news Adam Vartanian (Jul 07)
- Re: Skype v2 in the news Brandon Enright (Jul 07)