Re: Skype & IPS vendor claims

On 5/16/06, Vladimir Parkhaev <vladimir@xxxxxxxxxx> wrote:

Many IPS vendors are claiming that their devices can block Skype.
Reading "An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol"
paper I fail to see how those claims can be true.

Assuming your clients are behind a correctly configured firewall which
prevents them from exchanging arbitrary UDP packets with Internet
hosts, all you need to do is break the communication with the
supernode. This will be TCP/80 or 443 traffic that isn't using
HTTP/HTTPS protocol, so it can be caught by anomaly detection.

Has anyone looked into blocking Skype?

Blocking Skype is possible:
"SC Must establish a TCP session with a SN in order to connect to
the Skype network. If it cannot connect to a super node, it will
report a login failure."

Having blocked it, I have users insisting it be opened back up.

I'm looking into *permitting* Skype without permitting other unknown
P2P applications, and not getting anywhere. The decentralized nature
of the protocol prevents writing any sort of whitelist for Skype


Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
to learn more.

Relevant Pages

  • process starting order
    ... When I start my computer, it tries to start some process, like MSN Messenger ... and Skype, before having started the wirelless net connexion, so they fail to ...
  • Re: Multicultural Person
    ... >> Contact 'septicvannner' cannot be found. ... I have sent you an invitation to contact me via Skype. ... Fail not at your peril! ...
  • Re: Computer Psychology
    ... Brian Millson wrote: ... What I fail to understand is why they won't try anything new or different. ... Skype: greyarea ...
  • [opensuse] Skype with PA on 11.1
    ... Skype was almost usable on 11.0 with pulseaudio when following ... but I fail completely ... getting voice capturing to work on 11.1. ... Skype always aborts the ...