Home > Software > Linux



Blocking Skype Using Squid and OpenBSD

Sort Desciption:

the proxy on is subjective (I chose OpenBSD as my network OS of choice for its ... The setup is basically Squidproxy running over OpenBSD. PF (packet ...



Content Inside:

Blocking Skype Using Squid and OpenBSD Page 1November 13th 2005 Written by rootn0deBlocking Skype Using Squid and OpenBSD Abstract :After much digging online for an effective way to stop this pesky app that ishighly decentralised and a big pain to blocked I finally found a way to do quite nicely. It has been working perfectly fine on our corporate network and we have had no complaints of users being denied access to legitimate web destinations(that are in compliance with our security policy of course). I used Squidproxyrunning on an OpenBSD server to carry out the below. The choice of OS to run the proxy on is subjective (I chose OpenBSD as my network OS of choice for itsproven security record and excellent reliability) and has no effect over the actual blocking mechanism. The same can be accomplished on any other BSD or Linux flavour. Background :This basic writeup will not delve deeply into the operation of Skype but will quickly highlight the main challenges of blocking this application. As mentionedthe below is not an accurate study of how Skype operates and is not be a comprehensive analysis of its behaviour : 1) Skype will initially attempt to contact supernodes the IPs of which are in a file stored along with the other files that Skype installs. The first method of contact is direct. The source ports that Skype attempts to connect from are nondefaultports. From my observations I could see that the UDP source port 1247 is the initial control channel. Once the connection is established the rest of the Page 2communications is done in TCP over nondefault source ports with ranges sweeping from 29403000. In general any company that is serious about its security policy would have strict egress filtering rules which makes identifying the nondefault source/destination ports that Skype uses irrelevant since they would be blocked anyway. 2) If the above fails Skype will use the proxy server specified i ...

Source: www.net-security.org


add to Google Reader add to Google Bookmark add to bloglines add to newsgator add to FURL add to digg add to webnews add to Netscape add to Yahoo MyWeb add to spurl.net add to diigo Bookmark newsvine Bookmark del.icio.us Bookmark @ SIMPIFY Bookmark MISTER WONG Bookmark Linkarena Bookmark icio.de Bookmark oneview Bookmark folkd.com Bookmark yigg.de Bookmark reddit Bookmark StumbleUpon Bookmark Slashdot Bookmark blinklist Bookmark technorati add to blogmarks add to blinkbits add to ma.gnolia add to smarking.com add to netvouz add to co.mments add to Connotea add to de.lirio.us

 

Related Files

TruePort Linux User Guide

Filed under: Software and Linux
TruePort Linux User Guide, Version 6.0, Part #5500164-10 1 TruePort Linux User Guide This document ... SSL/TLS Trouble Shooting ...

066 - Advanced Unix/Linux Admin & Microsoft Windows Integration

Filed under: Software and Linux
... com.au www.mit.com.au Overview This course has a strong practical slant covering the use of Linux ... and test login i) Security - Iptables, firewalling j) Putty -secure remote admin Day 5 Trouble shooting a ...

Using under OpenBSD

Filed under: Software and Linux
participates in the de] OpenBSD Translation Project. . runs the OpenBSD mirror at the University of Erlangen. Germany (. anoncvs2.de.openbsd.org ...

eurobsdcon 05 For Your Information: OpenBSD @ eurobsdcon 05 ...

Filed under: Software and Linux
Implementing and deploying OpenBSD based wireless networks using hostapd ... cesspoints and a centralized OpenBSD network booting and management server. ...

Using OpenBSD and Snort to build ready to roll Network Intrusion ...

Filed under: Software and Linux
Overview of OpenBSD and Snort. Deployment of Distributed Network Intrusion ... $OpenBSD: Makefilev1.201 2004/02/29 18:02:14 deraadt Exp $ ...