Educause Security Discussion mailing list archives
Re: Skype?
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Tue, 3 Feb 2009 10:19:34 -0700
a. Supernode: Information on hundreds of other Skype users could be routed through the PCC network. A PCC computer would act as a "communications" hub for these users, with all call setups going through the PCC computer. This "functionality" is on by default, but can be disabled by altering the Windows Registry.We find, by tracing Netflow records, that a supernode will contact over 500,000 different remote machines a day (yes, 500K). Typically, we disable machines once they get to this number of NetFlow records.
Interesting data! That is quite impressive. Any idea what version of Skype the machine was running? For the impact numbers we pulled from a SANS report: http://www.sans.org/reading_room/whitepapers/voip/skype_a_practical_security_analysis_32918?show=32918.php&cat=voip Someone else asked me offline about the privacy and monitoring section. We could have better rephrased this to "Skype may be able to decrypt communications, perhaps due to CALEA compliance." Source: http://www.networkworld.com/news/2008/072908-skype-voip-decrypt.html ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
Current thread:
- Skype? Clark, Sean (Feb 03)
- <Possible follow-ups>
- Re: Skype? Basgen, Brian (Feb 03)
- Re: Skype? Tupker, Mike (Feb 03)
- Re: Skype? Mike Porter (Feb 03)
- Re: Skype? Basgen, Brian (Feb 03)
- Re: Skype? Stanclift, Michael (Feb 03)
- Re: Skype? Mike Porter (Feb 03)
- Re: Skype? Tupker, Mike (Feb 03)