Penetration Testing mailing list archives

RE: Skype


From: "Rob Shein" <shoten () starpower net>
Date: Wed, 7 Jan 2004 14:10:27 -0500

I've played with it a bit.  I'd point out that it's not really a P2P network
as much as a cross between a VOIP network and an IM system.  They do call
it P2P, but in the end if you stretch the meaning enough all networks are
P2P in the end.  I haven't looked at the crypto, however.

The first thing you'll notice is a ton of UDP traffic and ICMP pinging.
Skype seems to be REALLY decentralized, and seems modeled on gnutella in its
behavior.  I'm not sure what purpose is served by all the ping activity,
however, and I do wonder what negative impact, if any, exists when a host
doesn't reply to ICMP echo-requests.  I've not played with it in a bit, and
I'm due for an upgrade.  I'll say this; if it does have any vulnerabilities,
they're going to be bad, much like they were in the early days of ICQ and
AIM.

-----Original Message-----
From: Kim.Sassaman () cox com [mailto:Kim.Sassaman () cox com]
Sent: Wednesday, January 07, 2004 12:17 PM
To: pen-test () securityfocus com
Subject: Skype


Has anyone done an evaluation of the Skype p2p network and
encryption methods? www.skype.com


