lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050125060317.GC20476@ait.ac.th>
From: alain at ait.ac.th (Alain Fauconnet)
Subject: blocking SkyPE?

On Tue, Jan 25, 2005 at 03:22:20PM +1100, Gregh wrote:
> 
> ----- Original Message ----- 
> From: "Alain Fauconnet" <alain@....ac.th>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Tuesday, January 25, 2005 2:05 PM
> Subject: Re: [Full-Disclosure] blocking SkyPE?
> 
> 
> > Hello list,
> > 
> > Thanks to all the tips and suggestions about my question on how to
> > block SkyPE traffic. I'll summarize and reply below:
> > 
> 
> ...just a quick suggestion that may already have been said as I don't know much about Skype myself:
> 
> 1) It works on VOIP phones and web cams.
>

Web cams? not that I know. Looks like pure telephony to me.
 
> 2) The sound is apparently like talking to someone in the room with you though they may well be the other side of the planet.

If you have a lot of b/w, yes. My experience using a regular dial-up
hasn't been too good. Speak Freely manages limited b/w way better.

> 
> So given those facts, surely it is using transfer similar to audio
streaming when a phone only and video streaming when not. Why not
download the prog, use it and sniff packets at the same time to see
what goes on. I did plug it in to see what it did to my firewall and
it correctly identified it as Skype.exe attempting to get out on a
hell of a lot of ports all at once. Looks like it is a torrent rather
than streaming normally to be honest.

Well, it's P2P, obviously. Not sure what you mean here, and whether
this is relevant to my question of blocking it.
Your host firewall has identified it because it knows the .EXE file
the connection originates from... nothing to do with protocol
recognition.

> 
> In short, the places it attempts to contact would all appear to be
>hardcoded

No they aren't.

> or in Windows case, likely stored in the registry.

Neither (although it was the case in some older version). It's an XML
file (see my previous posting). But this file is quite dynamic. It
gets updated all the time as long as information is received from the
supernodes.

> I have not had time to check anything as yet to be honest, more than I have said
>above.
>Hope this, in some way, helps.

Honestly, no, it doesn't :-) But thanks for the reply anyway!

Greets,
_Alain_

Powered by blists - more mailing lists