Re: rules for skype

[Daniel Lopes <lopsch@lopsch.com>]

Mogens Valentin schrieb:
> Taylor, Grant wrote:
> 
>>> iptables -A FORWARD -p tcp --dport SKYPEPORT -j ACCEPT
>>
>>
>>
>> <devilish @^*% eating grin> He, Skype does not have a port (per say). 
>> </devilish @^*% eating grin>
>>
>> Skype will use just about any port that it can use (all the standards 
>> you would think for internet traffic) to connect to any ""super node 
>> that it can connect to.  unfortunately what qualifies as a Super Node 
>> is any node / computer that is running Skype that is directly 
>> connected to the internet with out a firewall that would inhibit other 
>> systems from connecting directly to it.
> 
> 
> No wonder, since Skype is based upon the methods as used for Kazaa.
> Damn thing to deny too, as is many other sharing apps...
> AFAIR I found it slightly easier blocking such using ipchains explicit 
> in/out/forward rules, than with iptables and ESTABLISHED,RELATED rules.
> 
>> Do a Google for "Skype Protocol" and see what you find.  I have a PDF 
>> on it at the office that I'd be happy to send you.  (If you want this 
>> PDF I'll find the URL to it and post it to the list or email 
>> individually as I don't think the list would like a PDF sent to it.)  
>> The only way that I've heard to even slow down Skype is to force it to 
>> pass through a proxy, beyond that nothing, that I have heard of or 
>> read about, will stop it.
> 
> 
> Mind adding me to that list? If so, thanks a lot!
> 
Mhm Kazaa can be blocked by IPP2P for example. But Skype´s payload is 
encrypted what makes it way more difficult or impossible. But what about 
NUFW doesn´t it authenticate upon application? I would like to receive a 
copy of that PDF too please :).