Blocking Skype?

 
 
Christoph Gartmann
      12-15-2006
Hello,

as far as I can see there is no way to block Skype via a Pix firewall.
Now there is NBAR in Cisco's IOS 12.4T. I thought I blocked it but it
doesn't seem to work:

Version 12.4(4)T3

class-map match-any peer2peer
 description "Peer-to-peer stuff"
 match protocol gnutella
 match protocol edonkey
 match protocol fasttrack
 match protocol napster
 match protocol kazaa2
 match protocol skype
 match protocol bittorrent
!
policy-map p2p-drop
 description "Drop the unwanted peer-to-peer stuff"
 class peer2peer
  drop

interface GigabitEthernet0/0
 ip address 192.168.8.254 255.255.255.248
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 service-policy input p2p-drop
 service-policy output p2p-drop


What is wrong here?

Regards,
Christoph Gartmann


--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
 
Matthias Scheler
      12-15-2006
In article <elufjf$qcr$(E-Mail Removed)>,
(E-Mail Removed) (Christoph Gartmann) writes:
> What is wrong here?


Skype is an encrypted protocol that doesn't use fixed port numbers.
And the authors keep changing the protocol to make it harder for
firewalls to detect it.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
 
CK
      12-16-2006
UTM Devices and CISCO ASA can block it


CK
Christoph Gartmann wrote:
> Hello,
>
> as far as I can see there is no way to block Skype via a Pix firewall.
> Now there is NBAR in Cisco's IOS 12.4T. I thought I blocked it but it
> doesn't seem to work:
>
> Version 12.4(4)T3
>
> class-map match-any peer2peer
> description "Peer-to-peer stuff"
> match protocol gnutella
> match protocol edonkey
> match protocol fasttrack
> match protocol napster
> match protocol kazaa2
> match protocol skype
> match protocol bittorrent
> !
> policy-map p2p-drop
> description "Drop the unwanted peer-to-peer stuff"
> class peer2peer
> drop
>
> interface GigabitEthernet0/0
> ip address 192.168.8.254 255.255.255.248
> no ip mroute-cache
> duplex auto
> speed auto
> no cdp enable
> service-policy input p2p-drop
> service-policy output p2p-drop
>
>
> What is wrong here?
>
> Regards,
> Christoph Gartmann
>
>
> --
> Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
> Immunbiologie
> Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
> D-79011 Freiburg, Germany
> http://www.immunbio.mpg.de/home/menue.html


 
Sam Wilson
      01-10-2007
In article <45832daf$0$762$(E-Mail Removed)>,
(E-Mail Removed) (Matthias Scheler) wrote:

> In article <elufjf$qcr$(E-Mail Removed)>,
> (E-Mail Removed) (Christoph Gartmann) writes:
> > What is wrong here?

>
> Skype is an encrypted protocol that doesn't use fixed port numbers.
> And the authors keep changing the protocol to make it harder for
> firewalls to detect it.


And if you allow access to port 80/tcp (i.e. web browsing) then Skype
will work - see the first reference below. The second reference
suggests a rather complex way to block Skype, but I'd be surprised if
it's implemented in any Cisco product.

<http://www.geocities.com/bergstromdennis/Skype_Analysis_1_3.pdf>

<http://www.blackhat.com/presentation...6-biondi/bh-eu-06-biondi-up.pdf>

Sam
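
A structural check of the configuration from the first post, as an added example that is not part of any post in this thread: the hypothetical helper `audit` follows each `service-policy` to its `policy-map` and `class-map` and lists which NBAR protocols are dropped per interface and direction. The input is an abridged, constructed copy of the posted configuration. The check only confirms that the references resolve; it cannot tell whether NBAR actually recognises Skype traffic, which is the limitation the replies describe.

```python
# Constructed input: the configuration from the first post, abridged and re-indented.
CONFIG = """\
class-map match-any peer2peer
 match protocol kazaa2
 match protocol skype
 match protocol bittorrent
!
policy-map p2p-drop
 description "Drop the unwanted peer-to-peer stuff"
 class peer2peer
  drop
!
interface GigabitEthernet0/0
 ip address 192.168.8.254 255.255.255.248
 service-policy input p2p-drop
 service-policy output p2p-drop
"""

def audit(config):
    """Hypothetical helper: follow service-policy -> policy-map -> class-map."""
    cmaps, pmaps, attached, problems, dropped = {}, {}, [], [], {}
    section = name = cls = None
    for words in (l.split() for l in config.splitlines() if l.strip() not in ("", "!")):
        if words[0] in ("class-map", "policy-map", "interface"):
            section, name, cls = words[0], words[-1], None   # new top-level block
            if section == "class-map":
                cmaps[name] = []
            elif section == "policy-map":
                pmaps[name] = {}
        elif section == "class-map" and words[:2] == ["match", "protocol"]:
            cmaps[name].append(words[2])
        elif section == "policy-map" and words[0] == "class":
            cls = words[1]
            pmaps[name][cls] = []
        elif section == "policy-map" and cls:
            pmaps[name][cls].append(" ".join(words))   # action under the class, e.g. "drop"
        elif section == "interface" and words[0] == "service-policy":
            attached.append((name, words[1], words[2]))   # (interface, direction, policy)
    for iface, direction, pmap in attached:
        if pmap not in pmaps:
            problems.append(f"{iface}: policy-map {pmap} is not defined")
            continue
        for cls, actions in pmaps[pmap].items():
            if cls not in cmaps:
                problems.append(f"{pmap}: class-map {cls} is not defined")
            elif "drop" in actions:
                dropped.setdefault((iface, direction), []).extend(cmaps[cls])
    return dropped, problems
```

For the posted configuration the check reports no unresolved references and shows `skype` in the drop class in both directions, so the configuration is wired up as intended and the failure lies in classification rather than in the policy attachment.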
 