IDS mailing list archives
Re: Skype & IPS vendor claims
From: Kevin <kkadow () gmail com>
Date: Tue, 16 May 2006 13:03:05 -0500
On 5/16/06, Vladimir Parkhaev <vladimir () arobas net> wrote:

> Greetings,
>
> Many IPS vendors are claiming that their devices can block Skype. Reading "An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol" (http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf), paper I fail to see how those claims can be true.

Assuming your clients are behind a correctly configured firewall which prevents them from exchanging arbitrary UDP packets with Internet hosts, all you need to do is break the communication with the supernode. This will be TCP/80 or 443 traffic that isn't using HTTP/HTTPS protocol, so it can be caught by anomaly detection.

> Has anyone looked into blocking Skype?

Blocking Skype is possible:

"SC Must establish a TCP session with a SN in order to connect to the Skype network. If it cannot connect to a super node, it will report a login failure."

Having blocked it, I have users insisting it be opened back up. I'm looking into *permitting* Skype without permitting other unknown P2P applications, and not getting anywhere. The decentralized nature of the protocol prevents writing any sort of whitelist for Skype traffic.

Kevin
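The check described in the message above (TCP/80 or 443 traffic that is not HTTP/HTTPS), sketched as an added example that is not part of the original post. The function names and sample payloads are constructed for illustration, and it assumes the first client-to-server payload of each flow has already been extracted.

```python
import re

# Request line: METHOD SP target SP HTTP/1.x CRLF (also matches proxy CONNECT).
_HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,16} [\x21-\x7e]+ HTTP/1\.[01]\r\n")

def looks_like_http(payload: bytes) -> bool:
    return _HTTP_REQUEST_LINE.match(payload) is not None

def looks_like_tls_client_hello(payload: bytes) -> bool:
    # Record header: type 0x16 (handshake), version 0x03 0x00..0x04, 2-byte
    # length, followed by handshake type 0x01 (ClientHello).
    if len(payload) < 6:
        return False
    rec_len = int.from_bytes(payload[3:5], "big")
    return (payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04
            and 0 < rec_len <= 16384 and payload[5] == 0x01)

def looks_like_sslv2_client_hello(payload: bytes) -> bool:
    # SSLv2-format hello: high bit set in the 2-byte length header, message
    # type 0x01, then the offered version (0x0002 or 0x03xx).
    if len(payload) < 5 or not payload[0] & 0x80 or payload[2] != 0x01:
        return False
    return payload[3:5] == b"\x00\x02" or (payload[3] == 0x03 and payload[4] <= 0x04)

def classify_flow(dst_port: int, first_payload: bytes) -> str:
    """Classify the first client-to-server payload of a TCP flow."""
    if dst_port not in (80, 443):
        return "not-inspected"
    if not first_payload:
        return "no-data"
    if dst_port == 80:
        ok = looks_like_http(first_payload)
    else:
        ok = (looks_like_tls_client_hello(first_payload)
              or looks_like_sslv2_client_hello(first_payload))
    return "ok" if ok else "anomalous"

# Constructed sample flows: (destination port, first payload bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (443, bytes.fromhex("16030100c8010000c40301")),
    (443, bytes.fromhex("8046010301002d0000")),
    (80, bytes.fromhex("a1b2c3d4e5f60718293a")),
    (443, bytes.fromhex("a1b2c3d4e5f60718293a")),
]

if __name__ == "__main__":
    for port, data in SAMPLE_FLOWS:
        print(port, data[:8].hex(), classify_flow(port, data))
```

A client that opens with a well-formed request line or handshake passes this check, so it flags only flows that make no attempt to look like HTTP or TLS.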