Penetration Testing mailing list archives
RE: Skype
From: "Rob Shein" <shoten () starpower net>
Date: Wed, 7 Jan 2004 14:10:27 -0500
I've played with it a bit. I'd point out that it's not really a P2P network as much as a cross between a VOIP network and and IM system. They do call it P2P, but in the end if you stretch the meaning enough all networks are P2P in the end. I haven't looked at the crypto, however. The first thing you'll notice is a ton of UDP traffic and ICMP pinging. Skype seems to be REALLY decentralized, and seems modeled on gnutella in its behavior. I'm not sure what purpose is served by all the ping activity, however, and I do wonder what negative impact, if any, exists when a host doesn't reply to ICMP echo-requests. I've not played with it in a bit, and I'm due for an upgrade. I'll say this; if it does have any vulnerabilities, they're going to be bad, much like they were in the early days of ICQ and AIM.
-----Original Message----- From: Kim.Sassaman () cox com [mailto:Kim.Sassaman () cox com] Sent: Wednesday, January 07, 2004 12:17 PM To: pen-test () securityfocus com Subject: Skype Has anyone done an evaluation of the Skype p2p network and encyption methods? www.skype.com -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Skype Kim.Sassaman (Jan 07)
- RE: Skype Rob Shein (Jan 07)