[Dshield] Question on Skype
sans at intrusionlabs.com
Sat Feb 18 13:14:22 GMT 2006
> "node in the network" is mostly for file-sharing systems where the data
> is fetched from one or more "best available copies". Obviously, if you're
> trying to do a phone call, sending the data to some other "node" is incredibly
> silly (as you're then adding the round trip time to/from that node to the
> total round trip, and your RTT and jitter values go *all* to hell...)
Actually, I think this is exactly how Skype works. It shares the load
between a number of different nodes. So you actually handle other
people's voice data (bandwidth), which was problem #1 for me. Problem
#2, and how I found out about it: I noticed a number of machines from
China, Japan and Russia communicating with a machine on my network,
which always raises my concern level. Come to find out, it was a
computer running Skype.
If you get Skype, watch the traffic for a while, and you will see what I
mean. Obviously since Skype is big in Europe, you will see a lot of
European addresses. That also means a lot of people can see that you
exist, and that you are running Skype. To me that's just an invitation,
and a huge liability.
So I'm not so much concerned with decrypting the communication as I am
carrying unknown traffic, from unknown people, and broadcasting my IP as
in existence and running Skype. If a nasty zero day exploit for Skype
came along, it would be easy, easy, easy to target people.
I may not be 100% in my assessment, but I saw enough to know I didn't
want it running.
Oh, and in the TOS for Skype -- you agree to share your bandwidth. It's
been a while since I read it, but I would assume it's still in there.
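
Added example, not part of the original post: one way to do the "watch the traffic for a while" check described above is to count, per internal host, how many distinct external addresses it exchanges traffic with and how many of those initiated the contact. The internal range, the threshold, the record layout and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed internal range
PEER_THRESHOLD = 5  # assumed cut-off; tune against your own baseline

# Constructed flow records (initiator, responder, responder_port); not real traffic.
# External addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = (
    [("10.0.0.23", f"198.51.100.{i}", 40000 + i) for i in range(1, 5)]
    + [(f"203.0.113.{i}", "10.0.0.23", 52100) for i in range(1, 5)]
    + [("10.0.0.8", "192.0.2.10", 443), ("10.0.0.8", "192.0.2.10", 443),
       ("10.0.0.8", "192.0.2.11", 25)]
)


def summarize(flows, internal=INTERNAL_NET):
    """Per internal host: distinct external peers, and which of them initiated contact."""
    stats = defaultdict(lambda: {"peers": set(), "inbound": set()})
    for src, dst, _port in flows:
        src_in = ipaddress.ip_address(src) in internal
        dst_in = ipaddress.ip_address(dst) in internal
        if src_in and not dst_in:
            stats[src]["peers"].add(dst)
        elif dst_in and not src_in:
            # An outside address opened the conversation with an inside host.
            stats[dst]["peers"].add(src)
            stats[dst]["inbound"].add(src)
    return stats


def flag_hosts(flows, threshold=PEER_THRESHOLD):
    """Return {host: (peer_count, inbound_count)} for hosts at or above the threshold."""
    return {
        host: (len(s["peers"]), len(s["inbound"]))
        for host, s in summarize(flows).items()
        if len(s["peers"]) >= threshold
    }


if __name__ == "__main__":
    for host, (peers, inbound) in sorted(flag_hosts(SAMPLE_FLOWS).items()):
        print(f"{host}: {peers} external peers, {inbound} of them initiated contact")
```

A workstation that shows up here with many peers it did not contact first is the pattern worth a closer look; servers that are meant to accept inbound connections need to be excluded from the baseline.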