Welcome to ISAserver.org

Skype Blocking

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Skype Blocking

Page: [1]

Message

<< Older Topic Newer Topic >>

Skype Blocking - 14.Mar.2006 11:38:15 AM

knightfox

Posts: 9
Joined: 21.Apr.2005
From: UK
Status: offline

Skype is turning out to be a administration nightmare, much in the same as SPYNOT and other programs. After drinking half a coffee plantation and a couple of sleepness nights and hot dates with Ethereal and ISA (i know i know.. a stud, 2 on the go at once) Here are my findings.

www.cs.columbia.edu/~library/TR-repository/ reports/reports-2004/cucs-039-04.pdf

This document above contains infomation about the gubbins of skype and how to works, makes sleepy bed time reading. it seems that skype uses UDP first to connect then TCP:80 if no luck there TCP:443 ssl tunnel.

I ethereal cap'ed the connection taking place and the only thing i can find is a HTTP: CONNECT Method to a random IP address each time, so blocking the IP address is out of the question as there are 1000's of them. With CONNECT blocked in the ISA method filters, users are then unable to browse any SSL sites as we use an upstream 8080 proxy to our ISP.

I am stuck, skype are not intrested in responding to my emails or calls... someone must be having the same issue. working with children 3000 of them in fact this is potnetialy a very sensitive issue, as they are currently able to talk to anyone accross the internet...

Another very useful document is http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038646.html

Lets get this thread started.. and find a solution.

Many thanks

Fox

Post #: 1

Featured Links*

RE: Skype Blocking - 14.Mar.2006 12:19:12 PM

elmajdal

Posts: 5103
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online

have u tried this :

http://forums.isaserver.org/searchpro.aspx?phrase=skype&author=&forumid=ALL&topicreply=both&message=body&timeframe=%3E&timefilter=0&language=single&top=300&criteria=AND&submitbutton=+OK+

this is no one thread that tells u exactly how to block it. it just works

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to knightfox)

Post #: 2

RE: Skype Blocking - 18.Mar.2006 3:40:48 PM

knightfox

Posts: 9
Joined: 21.Apr.2005
From: UK
Status: offline

Posting a link to the search option wasn't very helpfull, also blocking the skype authtication servers no longer works.

The reason for this i believe tis the way that the skype client authenticates, there did used to be a central auth cluster of some description, but now it uses a P2P type authentication service, which only needs the skype client to be able to access one of the super-nodes.

I read in a previous post that blocking SSL is good practice and this is something that we are planning todo, firstly i need to sell it to the powers to be.

Fox

(in reply to elmajdal)

Post #: 3

RE: Skype Blocking - 21.Mar.2006 5:34:44 AM

RobJohn

Posts: 87
Joined: 28.Feb.2001
From: Montgomery, Al
Status: offline

try blocking the User-Agent: /skype

_____________________________

Rob John
MCSE, CCNA

(in reply to knightfox)

Post #: 4

RE: Skype Blocking - 21.Mar.2006 3:57:01 PM

knightfox

Posts: 9
Joined: 21.Apr.2005
From: UK
Status: offline

no good in the new version of Skype, as it has no user agent.. due to SSL :0(

(in reply to RobJohn)

Post #: 5

RE: Skype Blocking - 9.Apr.2006 5:51:56 PM

Ashokk001

Posts: 232
Joined: 6.Oct.2005
Status: offline

Hi,

I don't know if this helps but by taking the capture when skype is starting the User-Agent: is

Skype\231 2.0\r\n

This was done using ethereal from my home PC, I haven't tried to to see if this works from our work place but will try soon.

Ashok.

(in reply to knightfox)

Post #: 6