anyone blocking skype ???

I'm looking ways to block skype.

I see cisco has a pdlm for skype, but it only runs under 12.4(4)T.

so .... does anyone have (or know about an effective way to whack skype ?>>>???

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

RussS

Yup - block all ports unless absolutely necessary and most important ..... TURN OFF UPnP

forbesl

Here's an interesting article on it:

http://www.computerworld.com/securitytopics/security/story/0,10801,105760,00.html

Works 99 times out of 100 behind a firewall or NAT layer? Man, this thing has the potential of being a big security problem.

JDMurray

forbesl wrote:

Works 99 times out of 100 behind a firewall or NAT layer? Man, this thing has the potential of being a big security problem.

Most firewalls have port 80 outbound opened for Web browser traffic. Network developers know this and use port 80 to have their software apps get through corporate firewalls. IT counters this by using a firewall that can filter packets at the application layer, and reject any port 80 outbound packets that are not part of an actual HTTP session. Of course, it's possible to wrap almost any other protocol in an HTTP session, so the firewall manufacturers have to build a signature database to detect application traffic that uses this trick. Back and forth and back and forth it goes.

forbesl

jdmurray wrote:

forbesl wrote:

Works 99 times out of 100 behind a firewall or NAT layer? Man, this thing has the potential of being a big security problem.

Most firewalls have port 80 outbound opened for Web browser traffic. Network developers know this and use port 80 to have their software apps get through corporate firewalls. IT counters this by using a firewall that can filter packets at the application layer, and reject any port 80 outbound packets that are not part of an actual HTTP session. Of course, it's possible to wrap almost any other protocol in an HTTP session, so the firewall manufacturers have to build a signature database to detect application traffic that uses this trick. Back and forth and back and forth it goes.

Yes, I realized that this uses mainly port 80 and 443. Since most all firewalls are opened up outbound for these ports, it makes it hard to kill skype. I also read that skype will look for any open outbound port to use, which is doubly troubling.

forbesl

darkuser wrote:

I'm looking ways to block skype.

I see cisco has a pdlm for skype, but it only runs under 12.4(4)T.

so .... does anyone have (or know about an effective way to whack skype ?>>>???

darth, are you all using 12.4 at NASA yet? If so, how is it working out for ya? I work at a DoD NOC and have been reluctant to flash it on my nodes until it's been "tried and tested".

darkuser

no 12.2(31) or something .... and nbar for blocking generic fileshare apps.
but the skype question was posed to me ..... as was marketscore last year.
and .... I don't really work for nasa ... they just pay my salary thru a research grant.....

and thanks again .... to the fine people who created napster.
they've found a way to make money and not get sued ... yet