Skype Addresses Visibility Concerns 188
An anonymous reader writes "TechWorld is reporting that VoIP pioneer Skype has finally decided to buckle down from their startup mentality and address some of the concerns about the 'visibility' of Skype by network admins. From the article: 'Problems started around the time that the version 2.0 beta appeared last year, the moment when a handful of software engineers started to assess a troubling issue thrown up by the program's new and evasive design: it was incredibly hard to detect using perimeter security systems. Skype's unofficial explanation for its extreme stealthiness has always been that this was necessary to avoid telcos threatened by its business model from blocking it. While this presents no issues for a home user, using "invisible" software capable of making and receiving voice calls, opening instant messaging sessions and exchanging files on a corporate networks, caused some to ponder whether the ever-more-popular Skype hadn't just turned itself into a huge security risk.'"
Re:ports (Score:5, Informative)
Re:ports (Score:5, Informative)
Re:ports (Score:5, Informative)
No. The whole point of the article is that Skype purposefully intends to be invisible and sneaky. The reason is that it makes it easier to run Skype on firewalled and/or NATted networks, either at home or at work. Many home users have convoluted NAT setups, and most don't have the expertise (or reason) to poke holes in the firewall. Skype likes to advertise that it offers Internet phone service that "just works", so they need to make it work on every network. That may mean using random ports, using ports intended for other protocols, tunneling to remote servers or through peers, or other things that can be interpreted as resourceful or sneaky, depending on your point of view.
as a skype user..... (Score:1, Informative)
the behaviour is random but would suggest someone is trying to block it, just not able to do so all the time.
blocking the 'ports' might not be so simple, it can/does use web proxy ports quite well and I can fully see why some would consider it a risk.
its a great product but its allure is certainly that it does work where others are blocked......
just my 10 cents.
blocking skype is easy (Score:5, Informative)
However, if you want to block skype, it is very easy. Have a look at reports [grok.org.uk] using openbsd & squid.
Or do a quick search with google.
Re:ports (Score:5, Informative)
Eh... (Score:3, Informative)
Buy a Fortigate (or Packeteer, or whatever, but Fortigates are good and cheap) and configure the BUILT-IN filter for Skype traffic. Problem solved.
Re:ports (Score:5, Informative)
Blocking is easy, even if not convenient (Score:5, Informative)
Re:Traffic shaping (Score:2, Informative)
Re:ports (Score:2, Informative)
We just tell the filter which traffic to allow, and which to prevent (based on our Corporate security policy).