• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Skype Blocking

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Skype Blocking Page: [1]
Message << Older Topic   Newer Topic >>
Skype Blocking - 14.Mar.2006 11:38:15 AM   


Posts: 9
Joined: 21.Apr.2005
From: UK
Status: offline
Skype is turning out to be a administration nightmare, much in the same as SPYNOT and other programs.  After drinking half a coffee plantation and a couple of sleepness nights and hot dates with Ethereal and ISA (i know i know.. a stud, 2 on the go at once) Here are my findings.

www.cs.columbia.edu/~library/TR-repository/ reports/reports-2004/cucs-039-04.pdf
This document above contains infomation about the gubbins of skype and how to works, makes sleepy bed time reading. it seems that skype uses UDP first to connect then TCP:80 if no luck there TCP:443 ssl tunnel.
I ethereal cap'ed the connection taking place and the only thing i can find is a HTTP: CONNECT Method to a random IP address each time, so blocking the IP address is out of the question as there are 1000's of them. With CONNECT blocked in the ISA method filters, users are then unable to browse any SSL sites as we use an upstream 8080 proxy to our ISP.
I am stuck, skype are not intrested in responding to my emails or calls... someone must be having the same issue.  working with children 3000 of them in fact this is potnetialy a very sensitive issue, as they are currently able to talk to anyone accross the internet...
Another very useful document is http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038646.html 
Lets get this thread started.. and find a solution.
Many thanks
Post #: 1
RE: Skype Blocking - 14.Mar.2006 12:19:12 PM   


Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
have u tried this :


this is no one thread that tells u exactly how to block it. it just works


Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to knightfox)
Post #: 2
RE: Skype Blocking - 18.Mar.2006 3:40:48 PM   


Posts: 9
Joined: 21.Apr.2005
From: UK
Status: offline
Posting a link to the search option wasn't very helpfull, also blocking the skype authtication servers no longer works.

The reason for this i believe tis the way that the skype client authenticates, there did used to be a central auth cluster of some description, but now it uses a P2P type authentication service, which only needs the skype client to be able to access one of the super-nodes.

I read in a previous post that blocking SSL is good practice and this is something that we are planning todo, firstly i need to sell it to the powers to be.


(in reply to elmajdal)
Post #: 3
RE: Skype Blocking - 21.Mar.2006 5:34:44 AM   


Posts: 87
Joined: 28.Feb.2001
From: Montgomery, Al
Status: offline
try blocking the User-Agent: /skype


Rob John

(in reply to knightfox)
Post #: 4
RE: Skype Blocking - 21.Mar.2006 3:57:01 PM   


Posts: 9
Joined: 21.Apr.2005
From: UK
Status: offline
no good in the new version of Skype, as it has no user agent.. due to SSL :0(

(in reply to RobJohn)
Post #: 5
RE: Skype Blocking - 9.Apr.2006 5:51:56 PM   


Posts: 244
Joined: 6.Oct.2005
Status: offline

I don't know if this helps but by taking the capture when skype is starting the User-Agent: is

Skype\231 2.0\r\n

This was done using ethereal from my home PC, I haven't tried to to see if this works from our work place but will try soon.


(in reply to knightfox)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Skype Blocking Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts