Educause Security Discussion mailing list archives

Re: Skype on the network

From: Todd Bossaller <bossallert () MOVAL EDU>
Date: Thu, 9 Apr 2009 10:35:21 -0500

Isnt it impossible for a client to become a supernode that resides behind a firewall with NAT?  If so, I don't see that 
as a problem for us.

Todd Bossaller
Systems Administrator
Missouri Valley College
500 E College St. 
Marshall,  MO. 65340
p(660) 831-4088
f(660) 831 -4068
bossallert () moval edu
This document may contain confidential information and is intended solely for the use of the addressee. If you received 
it in error, please contact the sender at once and destroy the document. The document may contain information subject 
to restrictions of the Family Educational Rights and Privacy and the Gramm-Leach-Bliley Acts. Such information may not 
be disclosed or used in any fashion outside the scope of the service for which you are receiving the information


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike 
Porter
Sent: Thursday, April 09, 2009 10:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Skype on the network

On Wed, 8 Apr 2009, Brian Epstein wrote:

We find that supernodes contact a large number of remote hosts on a
daily basis.  If a supernode runs long enough, it can reach over
1,000,000 remote computers a day.  We disable any machine contacting
over some number of remote computers per day.  Skype or not.

We've also found that Skype will create as many supernodes within
your IP range as they see fit.  We've disabled 10 in one day at
times.

The bandwidth requirements of supernodes is not especially high,
however the number of remote hosts contacted generates a great deal
of NetFlow, which I believe is causing us to lose NetFlow data and
therefore compromises our ability to monitor the network.  I can not
see making an argument to increase our NetFlow resources in order to
support a vendor's servers.

Skype is a poor choice, in my opinion.  If Skype wants to run a
service like this, then they should install servers like eveyone
else.

Mike

Mike Porter
Systems Programmer V
IT/NSS
University of Delaware

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/08/2009 11:00 AM, Todd Bossaller wrote:
| I know this has been covered before but I would like to inquire again.
| Do you allow Skype on your network?  If not, why?
| Have you had issues with security?

We allow it.  It is widely used by many of our faculty and members.  I
haven't found many issues with it.  We do retain the right to throttle
or block it if something malicious does come to light.

Thanks,
Brian

- --
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Network and Security Officer            Institute for Advanced Study
Key fingerprint = 128A 38F4 4CFA 5EDB 99CE  4734 6117 4C25 0371 C12A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFJ3MgsYRdMJQNxwSoRAvURAJ0eMssZZBnbXmoxXxZDEvaZEwyFjwCguVW8
Y19DgD+JVoLclRzxNEIpWCI=
=cHyD
-----END PGP SIGNATURE-----


-
Mike Porter
PGP Fingerprint: F4 AE E1 9F 67 F7 DA EA  2F D2 37 F3 99 ED D1 C2

Current thread:

Skype on the network Todd Bossaller (Apr 08)
- <Possible follow-ups>
- Re: Skype on the network Di Fabio, Andrea (Apr 08)
- Re: Skype on the network Todd Clementz (Apr 08)
- Re: Skype on the network Brian Epstein (Apr 08)
- Re: Skype on the network Joel Rosenblatt (Apr 08)
- Re: Skype on the network Michael Sinatra (Apr 08)
- Re: Skype on the network Gary Dobbins (Apr 08)
- Re: Skype on the network Allan Williams (Apr 08)
- Re: Skype on the network Russ Leathe (Apr 09)
- Re: Skype on the network Mike Porter (Apr 09)
- Re: Skype on the network Todd Bossaller (Apr 09)