Home
HOW TO: Block Skype On A Corporate Network
Share
Delicious
Digg
Facebook
Reddit
Stumble Upon
Technorati
Mixx
Sphinn
Twitter
SphereIt
Propeller
Gmarks
Newsvine
Yahoo! My Web
Live Journal
Blinklist
E-mailMade Popular Nov 17 2005
Add Images and Videos
Close X
Recommended Tags or Keywords
Search by Tags or Keywords
Selected Media ( You can Upload only Six media )
Sorry no picture found for this combination of tags. Try to search minimum number of tags at once
RSS 
I improved a bit the Squid config:
# Prevent Skype connecting HTTPs using CONNECT requests to IP addresses (those not using domain names)
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
http_access deny CONNECT numeric_IPs all
# Prevent Skype connecting http
acl Skype_UA browser Skype
http_access deny Skype_UA
# Prevent anyone to download anything from skype website
acl Skype_domain dstdomain skype.com
http_access deny Skype_domain
Also now, can block Skype UDP traffic, based on this very good document http://www.secdev.org/conf/skype_BHEU06.handout.pdf using iptables (warning: Skype can’t work without a TCP connection - But Skype can work without UDP).
iptables −I FORWARD −p udp −m l e ng th −−l e ng th 39 −m u32 −−u32 ’27&0 x8f=7’ −−u32 ’31=0 x527c4833 ’ −j DROP
Currently working on some patch to automate skype blocking configuration using the great EFW firewall (based on IPcop) http://www.efw.it
Cheers,
Nick
# Prevent Skype connecting HTTPs using CONNECT requests to IP addresses (those not using domain names)
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
http_access deny CONNECT numeric_IPs all
# Prevent Skype connecting http
acl Skype_UA browser Skype
http_access deny Skype_UA
# Prevent anyone to download anything from skype website
acl Skype_domain dstdomain skype.com
http_access deny Skype_domain
Also now, can block Skype UDP traffic, based on this very good document http://www.secdev.org/conf/skype_BHEU06.handout.pdf using iptables (warning: Skype can’t work without a TCP connection - But Skype can work without UDP).
iptables −I FORWARD −p udp −m l e ng th −−l e ng th 39 −m u32 −−u32 ’27&0 x8f=7’ −−u32 ’31=0 x527c4833 ’ −j DROP
Currently working on some patch to automate skype blocking configuration using the great EFW firewall (based on IPcop) http://www.efw.it
Cheers,
Nick
Remind me - why are we blocking Skype?
Is there anyone out there interested in the reverse situation - getting Skype past these simple road blocks?
And are the anti’s assuming Skype.com can’t read forums etc?
Get out more and leave this yseful and technology driving tool alone. People who have never heard of VOIP are introduced by Skype. When they realise its failings, then they move onto the real thing.
Is there anyone out there interested in the reverse situation - getting Skype past these simple road blocks?
And are the anti’s assuming Skype.com can’t read forums etc?
Get out more and leave this yseful and technology driving tool alone. People who have never heard of VOIP are introduced by Skype. When they realise its failings, then they move onto the real thing.
Well I have a basic solution working well for me @ home:
When I want to use skype or bypassing proxy filtering, I open a VPN connection between my computer and a remote server.
All communication are now encrypted and routed through a remote gateway.
Can someone find a workaround?
Can the provider block the VPN router/server address because they are not able to decrypt the comm ?
When I want to use skype or bypassing proxy filtering, I open a VPN connection between my computer and a remote server.
All communication are now encrypted and routed through a remote gateway.
Can someone find a workaround?
Can the provider block the VPN router/server address because they are not able to decrypt the comm ?
now skype is blocked in dubai internet city as well, whether you use a vpn or not...
they use the software of this evil company lynanda.com , statisticians turned into censors...
do you have an idea how it works and how it could bypassed?
this is really anoying eveyone in there...
they use the software of this evil company lynanda.com , statisticians turned into censors...
do you have an idea how it works and how it could bypassed?
this is really anoying eveyone in there...
yes, and if you check their website, now they are releasing this tool as opensource software...
It’s only a 2meg download, I tested it and it works ... say.. extremely well!
I really think it’s the end of Skype now. Lynanda says that they will block Skype as long as the software is closed source. They seem to be opensource advocates. Check the tool to block skype there: http://www.lynanda.com/products/software-for-corporations/traffic-filtering/how-to-use-our-traffic-analyzer
It’s only a 2meg download, I tested it and it works ... say.. extremely well!
I really think it’s the end of Skype now. Lynanda says that they will block Skype as long as the software is closed source. They seem to be opensource advocates. Check the tool to block skype there: http://www.lynanda.com/products/software-for-corporations/traffic-filtering/how-to-use-our-traffic-analyzer
please, can you help me to block skype for windows system with KERIO FIREWALL ...
Add your Comment
One should read:
# Anti-Skype
acl numeric_IPs url_regex ^[0-9] \.[0-9] \.[0-9] \.[0-9]
http_access deny CONNECT numeric_IPs all
Anyway, that works mostly fine for me !
As far as I can see, having investigating the problem a bit, that is the best solution I tried, even if we get a few false positives. Anyway, until we hack the SSL contents dynamicaly using some Man In The Middle SSL tricks, that may stay the best solution...
Regards,
Nick