Re: using Skype, hosted voip, etc. in SMB

On 7/26/06, Dragos Ruiu <dr@xxxxxxx> wrote:
On July 25, 2006 06:14 am, Morgan Reed wrote:
> The guys at http://www.rstack.org have done quite a bit of work on
> Skype (and more particularly Skype security), the Chinese DIDN'T
> "crack" the Skype protocol they were simply the first people to
> release an alternative client.
>
> Rstack.org's were the first to "crack" the protocol, the details can
> be found in Philippe Biondi's and Fabrice Desclaux's blackhat
> briefings eu 2006 presentation "Silver Needle in Skype";
> http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06
>-biondi-up.pdf
>
> Further work was done later into Skype-based botnets, details are
> available in Cedric Blancher's "Fire in the Skype" presentation;
> http://sid.rstack.org/pres/0606_Recon_Skype_Botnet.pdf
>

Actully not to belittle team RStack (hi guys, and girls) and their work
but the first analysis I saw of the Skype protocol was the 2004
paper from Salman A. Baset and Henning Shulzrinne at the
CS dept. of Columbia University. This paper started a lot of
other research.

Just to give credit where credit is due.

cheers,
--dr


Yes I agree credit where credit is due, the work in the paper from
Salman A. Baset and Henning Shulzrinne is quite exceptional and was
the catalyst for much further research it only provides a partial
reversal of the protocol.
http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf

The reason I credited RStack with "cracking" the protocol is because
(to the best of my knowledge) they were the first to provide a full
reversal of the protocol.

Further to the original question there is also a product
(interestingly enough it was released shortly after the Black Hat
Briefings Europe 2006) called Uplink which acts as a Skype to SIP
adapter which may also prove useful.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • FW: Skype
    ... Don't recall where I found this on the web but I came across it a couple months ago when our security manager was looking at blocking/shaping Skype. ... NBAR configuration to drop Skype packets ... we can also use ip nbar port-map command to look for the protocol or protocol name, using a port number or numbers other than the well-known Internet Assigned Numbers Authority -assigned) port numbers. ...
    (Pen-Test)
  • Re: Voice messenger for Ubuntu 7.04
    ... Skype uses a proprietary protocol and this means ... that the only client that can use the skype voip protocol is a skype ... uses SIP, is a proprietary client but unlike skype, if you use sjphone ...
    (Ubuntu)
  • Re: [Full-disclosure] [inbox] Re: [ Capture Skype trafic ]
    ... but that document outlines HOW Bluecoat can and does block Skype. ... A packet or protocol anaylizer Proxy will block anything that is NOT ... Skype does not conform to HTTP ...
    (Full-Disclosure)
  • Re: What is the best your wanted IM(MSN,YAHOO and so on) VCL component?
    ... I ever digged skype instant message protocol before. ... Bricksoft IMMessenger VCL Component ... I want to know what is the next IM protocol I will do. ...
    (borland.public.delphi.non-technical)
  • Re: way way OT: personal note
    ... allows plain instant messaging, but also allows voice-over-IP and video ... "Credit expiration: A credit balance for Skype Credit in your user ... account expires 180 days after the last chargeable use of that Skype ...
    (rec.arts.sf.composition)