Comments on: Some Data on the Skype iPhone Application

By: Christopher

Christopher — Tue, 01 Jun 2010 18:18:53 +0000

Oui, il est. L’information dans le poteau est au-dessus du wifi, pas 3G. Je ne sais pas s’il y a de compression additionnelle sur 3G. (traduit utilisant Babelfish)

By: stuff

stuff — Tue, 01 Jun 2010 18:14:37 +0000

Il est enfin temps que Skype iclue la 3G pour l iPhone.

By: Catelli

Catelli — Thu, 24 Sep 2009 00:14:33 +0000

I just pinged my security white guys, and at the moment they would recommend Palo Alto networks as a vendor that is best at identifying Skype.

BlueCoat has a nice how-to on blocking Skype. But from what I’m reading, it is easier to block Skype (and related protocols such as non-HTTP conforming Port 80 use) than it is to shape it. The most effective techniques look at what the traffic isn’t, rather than what it is. Due to the proprietary encryption used, the certainty required to shape that traffic and apply policies is not there. The techniques described are hazy enough that their use would affect other applications as well.

On a private corporate network, this isn’t that big a deal. On the public space? Ugh.

By: Christopher

Christopher — Wed, 23 Sep 2009 21:30:47 +0000

I’ve had the various techniques that Skype uses to obfuscate its traffic laid out to me before, and it’s clever (and changes with every update to the application). This said, all obfuscation can be defeated – it usually takes DPI vendors a bit, but they can identify it again shortly after an update just be virtualizing a closed network environment and watching data move between skype applications on virtual node computers.

This said, I’ve gotten this from mid-high level discussions, rather than through an engineer walking me through the process (which suggests there has to be some pretty substantial abstraction going on)…

By: Catelli

Catelli — Wed, 23 Sep 2009 21:03:49 +0000

I dunno to be honest. I have a hard time accepting that Skype is so difficult to identify from other traffic.

But the 3 types of DPI capable appliances I have sure as heck can’t block it. Is this a permanent state of affairs? I can’t commit to that.

By: Christopher

Christopher — Wed, 23 Sep 2009 17:40:00 +0000

Allot Communications produced a whitepaper a while back (2007?) that talked about techniques of blocking applications like Skype – their method (at the time) was to identify the initial packets in a packet stream; as soon as a particular set of packets, which corresponded with particular packet sizes, was detected you could be pretty certain that it was a Skype call that was being made. I assumed that this, or a similar, technique would continue to be effective based on a presentation from a UoT computer scientist who suggest that it still should be – should I rid myself of this assumption?

By: Catelli

Catelli — Wed, 23 Sep 2009 17:15:22 +0000

Skype is one of those weird ones. Actually, its fair to say its THE weird one.

I’ve used Skype as an example protocol in my DPI discussions, but I was being a bit disingenuous. At this time, there is no DPI or security appliance that can reliably detect a Skype VOIP call. It has no signature that can be detected by management appliances.

So far (according to the sources I have, and from personal experience) appliances that claim they can block Skype are not 100% accurate. Hell, they’re not even close. Generally speaking, they only block the Skype software when they detect it is trying to download an update to the client.

By: Technology, Thoughts, and Trinkets» Some Data on the Skype iPhone … | IPhoneMate

Tue, 22 Sep 2009 23:26:27 +0000

[...] more here: Technology, Thoughts, and Trinkets» Some Data on the Skype iPhone … Share and [...]