Skype-Blocking Whack-a-Mole Continues
from the that-pesky-competition dept
Blocking disguised data from disruptive applications is a little like trying to hold back a river with a pine cone, and trying to block Skype is certainly the new black. Whether you’re a repressive government looking to protect the interests of your state-run phone company, a University or company worried about security holes or bandwidth use, or you’re a government annoyed that you’re not getting the appropriate kickbacks, there’s a growing number of hardware vendors now building gear specifically aimed at blocking Skype for you. The people that build these solutions had already stated that Skype was hard to detect and block, and apparently these companies are having even more trouble detecting the latest version released just a few weeks ago. The continuing game of cat and mouse is familiar to those watching ISPs trying to contain BitTorrent traffic. The easiest way for corporations or colleges to control Skype is to ban the executable from running on the desktop. For countries however this will be a neverending game of whack-a-mole. VoIP is simply data, and data can always be disguised – something Skype engineers seem to be getting better at with each incarnation.
Comments on “Skype-Blocking Whack-a-Mole Continues”
The odd thing is
I have the same problem these hardware vendors do, but for the opposite reason.
I want to give skype a high priority on my network (it being real time data and all), but it’s so hard to pin down the traffic I can’t isolate it.
If anyone has any ideas, please post a link.
Re: The odd thing is
One word – VLAN
Banning the Executable?
Maybe on school owned comptuers that would work, but what about ones that the students bring to school with them? That might be more difficult.
I suppose if each college created an application that had to be running for any student to gain network access, an application that would stop any offending applications or services from running on student computers – that might do the trick. But what about the old trick of renaming an executable to bypass run restrictions?
I haven’t tried doing that in a long time, I wonder if many of today’s applications would still run if you rename the exe file that starts it?
Re: Banning the Executable?
I would expect the applications to still work. If you try renaming applications that the main exe depends on, then things could get a little wacky.
Applications could also be blocked by md5 hash, nullifying the renaming trick. This would still be playing whack-a-mole, since program updates will change the hash.
Re: Re: Banning the Executable
Calculating MD5 hashes for every application someone runs is time-consuming and unnecessary – you can also force an EXE to open up in notepad, add some random letter to the end of it and save it, and run your “new” program that will fail the MD5 check.
Just have the program shut down any process with the name “skype” or whatever every couple seconds.
RE: Banning the Executable
Yeah this is a great way to stop Skype, because every time I hook my PC up to a network I want the network to have full access to it.
MMMMMMMM
My firewall says skype packets are tasty
Skype Rules
I don’t know what these companies are trying to do here. It’s like a hand full of sand, the tighter you squeeze, the less you can contain.
another one word: latency.
Ok, I’ll explain it a little further: make your router inserting small random delays between packets. They’ll be unnoticeable for web surfers, but experience of those who use traffic-consuming applications from Skype to YouTube will be less than pleasant.
Most (if not all) those ad-hoc programs that hunt down specific applications are rather easy to fool / stop.
If it’s traffic that hurts, you’ll need to target it, not the applications that can be run all the different ways, some of which can be just out of your control.
Or, if you’re so concerned, make it impossible to run *any* new apps, including those come as ActiveX controls, browser plugins, etc, etc. And disable all the USB ports. And the Remote Desktop. And … oh, my 😉
http tunnel all the way!
the problem with skype is that it takes over pcs
We found that SKype would rapidly take over any pc with a fixed ip, and use it to connect up other skype users who were behind routers. It did routwe the packets thru us, but it would have 500 connections going at once. The only way to stop it was to kill skype and start it over, and then after a day or so it would start doing it again.
Hopeless
Blocking the Exe is hopeless, since the renaming trick does work for several games, including ones which have a large number of seperate processes running. THe md5 hash can be easily changed by adding a few bytes tot he end of the file, and it would even be possible to do this without taking up any extra disk space if you knew how large your sectors were.
companies already block skype with opensource soft
there is a widely used skype and P2P blocking solution in opensource.
check this link http://www.lynanda.com/products/software-for-corporations/traffic-filtering
I’ve heard that this solution is what companies use to forbid skype within their network. China is suspected to use this or a derivative
I think that providing that kind of censorship technology is in total contradiction with the opensource philosophy. Some people suspect Skype to be at the origin of this blocking initiative, for political reasons.
... and with payware too
That’s right John, and there are also companies, even governments, that are using corporate firewall systems to block skype: http://voiptelephonyservice.blogspot.com/2006/10/block-skype-hype.html
#1 on the list is reportedly the one that China Telecom has used.