The VoIP Service Blog

Compare and review IP Telephony & VoIP providers. News on the latest technology, from mobile Internet to IPTV.


The block Skype hype

Friday, October 27, 2006

Skype has made a lot of enemies with its proprietary voice protocol. At VoIP Planet, a new article quotes:
"Skype traffic will traverse your NAT or firewall," Montgomery pointed out, "and if you're a good IT security professional, you don't want anything doing that if you can't see what it is, when it is, and who it is. So there's a perceived risk." And since Skype is encrypted, IT departments cannot see 'what it is.'

"We don't really think that it creates a security hole in the sense that it can let other malicious traffic onto the network," Montgomery clarified, "but what our customers have told us is that they just don't know. They don't know if it's secure or not, because it's encrypted."

The other issue—policy compliance—can be either a specific legal issue or merely a corporate IT concern. Many businesses and governmental agencies are required by law to log, archive, and produce reports on all electronic messages. Since, again, Skype is strongly encrypted—essentially undecipherable—there's no way that conversations or message threads carried on using it can be compliant with such regulation.

In the news, we've heard about the controversy at San Jose State University when they blocked Skype. China, UAE, and Jordan have also made headlines by tinkering with Skype blockers. More companies and governments could soon follow as the availability of Skype blocking products increases.

The VoIP Planet article introduced Akonix Systems' L7 Skype Manager as the latest entry into the market of Skype blocking applications. It won't come cheap though, as the suggested price for under 1,000 users is $3,500 and a system supporting up to 10,000 users will cost $5,000. If this isn't right for your organization, you may want to look into some alternatives.

Alternative methods for blocking Skype
  1. NetSpective from Verso Technologies - Can be configured to block over 20 P2P and Instant Messaging programs, including Skype. NetSpective is available in enterprise and carrier versions. Verso has supplied China Telecom with their carrier class of NetSpective.
  2. Packeteer's PacketShaper - detects Skype and other P2P traffic and allows the administrator to apply Quality of Service regulations or block it completely.
  3. SonicWall's Unified Threat Management appliances - SonicWall has a PDF presentation on how to block Skype with their hardware, or you can read the HTML version in the Google cache.
  4. Fortigate from Fortinet - capable of blocking Skype and other P2P applications.
  5. Check Point's InterSpect - Using InterSpect with Check Point's SmartDefense system can identify and block P2P applications including Skype.
  6. Cisco equipment running IOS version 12.4 (4) T - This is the "free" option, providing that your network already uses a Cisco product with this IOS version. See Cisco Tips & Tricks for the instructions.
Skype has been previously described as "unblockable" due to its P2P nature and its use of supernodes that defy older methods of preventing traffic. Now that several vendors have come out with effective means of blocking Skype, it's now Skype's turn to evolve to the next level. The cat and mouse game continues.

(Thanks Tom for your great resource.)


12 Comments:

At 5:48 AM, Anonymous Anonymous said...

I don't see the use of putting so much effort in Skype blocking. Skype is blocked here in the UAE and now people are using UltraVPN to pass through the blockage and it costs nothing...
Are these smart people able to block Skype even inside a VPN?

 
At 9:54 AM, Blogger Zack said...

I don't think so. UAE probably uses one of the methods on the list to block Skype, so by using a VPN to servers outside the UAE, the traffic would probably not be detected as Skype traffic. Still, you might notice lower call quality when using a VPN.

 
At 5:05 AM, Anonymous Anonymous said...

Actually there is opensource software that blocks Skype even within a VPN
this is quite widely used in companies
check this link http://www.lynanda.com/products/software-for-corporations/traffic-filtering
I've heard that this solution is what companies use to forbid skype within their network. China is suspected to use this or a derivative
I think that providing that kind of censorship technology is in total contradiction with the opensource philosophy. Some people suspect Skype to be at the origin of this blocking initiative, for political reasons.

 
At 7:27 PM, Anonymous Anonymous said...

The reason “Blocking Skype” is such a big deal is that it circumvents any firewall that is not using an authenticated proxy. For home users this seems like a great thing because they don’t have to mess with opening ports (providing they even use a firewall). Now lets say you’re a network administrator & your using a transparent proxy, anyone can simple install Skype on a USB drive & not only use you company or governments bandwidth but thanks to the “Skype EUA” which give Skype the right to us all of your systems bandwidth & resources to route calls for other people not to mention transfer confidential files. For those that don’t care I say this… Would you want terrorist using your computer to route calls? Well guess what installing Skype allows that to happen.

 
At 9:12 PM, Blogger Zack said...

the “Skype EUA” which give Skype the right to us all of your systems bandwidth & resources to route calls for other people not to mention transfer confidential files.

This unfortunate aspect of using Skype can be avoided *IF* you can prevent the clients on your network from becoming super-nodes.

I believe it's possible to do this by running a proxy server, however certain proxy servers may severely affect the quality of Skype calls.

 
At 2:45 PM, Anonymous Anonymous said...

This comment has been removed by a blog administrator.

 
At 12:51 AM, Blogger Unknown said...

It maybe a little bit late, but our laboratory found some tips to make the blocking of Skype more intelligence. A socket level blocking.

This is the Information Security Laboratory, CUHK in Hong Kong,
The paper titled:
"Network Forensic on Encrypted Peer-to-Peer VoIP Traffics and The Detection, Blocking, and Prioritization of Skype Traffics”;
Submitted to the 16th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises, Mar 2007; Accepted, 8th May 2007

With our page for reference:
http://personal.ie.cuhk.edu.hk/~cmleung5/index.html

 
At 7:09 AM, Blogger Vegas Games said...

If skype is blocked that is just not fare so i found a way around it and no one can stop me from calling with skype when its "blocked" :) I use a service from the following site

VPN Connections

Hope it helps others too.

P.s. they also will provide a new connection if the isp block the ip you connect to to establish a vpn.

Read all about it on the site.
Skype Unblocked

www.VPNaccounts.com

 
At 7:20 AM, Anonymous Anonymous said...

They can block as much as they want but using a VPN account you can bypass everything! There are only a few providers and it's worth checking out.
-http://www.bananavpn.com
-happyvpn.com
-vpnaccounts

 
At 7:16 AM, Blogger Marcos el Ruptor said...

This comment has been removed by the author.

 
At 3:49 AM, Anonymous Anonymous said...

.
Here are some links who explains how to unblock Skype and all blocked websites.

- http://forum.skype.com/index.php?showtopic=140851

- http://unblockskype.blogspot.com/

- http://www.banana.vpn.helpnote.net/


.

 
At 4:37 AM, Anonymous Anonymous said...

People keep asking why anyone would want to block skype because it makes comms cheaper and lowers company costs...blah blah blah. Well here's why I need to block Skype for a client...They ahve a slow satellite connection in the DRC. Users sit on skype and use the filesharing skype offers. while they should be working they are downloading massive amounts of data and severly impacting the productivity of the company. All internet is blocked, but skype keeps getting through. As soon as it is blocked then the company can start making money again. Until then they will remain on the brink of disaster due to the inability for key members to use what little internet resource they have thanks to skype and it's filesharing killing the bandwidth.

 

Post a Comment

<< Home