[Dshield] Question on Skype

Chris C. sans at intrusionlabs.com
Sat Feb 18 13:14:22 GMT 2006

> "node in the network" is mostly for file-sharing systems where the data
> is fetched from one or more "best available copies".  Obviously, if you're
> trying to do a phone call, sending the data to some other "node" is incredibly
> silly (as you're then adding the round trip time to/from that node to the
> total round trip, and your RTT and jitter values go *all* to hell...)

Actually, I think this is exactly how Skype works.  It shares the load
between a number of different nodes.  So you actually handle other
people's voice data (bandwidth), which was problem #1 for me. Problem
#2, and how I found out about it: I noticed a number of machines from
China, Japan and Russia communicating with a machine on my network,
which always raises my concern level.  Come to find out, it was a
computer running Skype.

If you get Skype, watch the traffic for a while, and you will see what I
mean.  Obviously since Skype is big in Europe, you will see a lot of
European addresses.  That also means a lot of people can see that you
exist, and that you are running Skype.  To me that's just an invitation,
and a huge liability.

So I'm not so much concerned with decrypting the communication as I am
carrying unknown traffic, from unknown people, and broadcasting my IP as
in existence and running Skype.  If a nasty zero day exploit for Skype
came along, it would be easy, easy, easy to target people.

I may not be 100% in my assessment, but I saw enough to know I didn't
want it running.

Oh, and in the TOS for Skype -- you agree to share your bandwidth.  It's
been a while since I read it, but I would assume it's still in there.
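
Added example, not part of the original message: one way to spot the pattern described above (a single internal machine exchanging traffic with many unrelated outside addresses, some of which open the conversation themselves) in flow records. The record layout, the 10.0.0.0/8 internal range, the thresholds and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the local address range
MIN_PEERS = 4     # assumption: distinct external peers before a host is flagged
MIN_INBOUND = 2   # assumption: externally initiated peers before a host is flagged

# Constructed flow records: (initiator, responder, bytes). Addresses come from
# RFC 1918 and RFC 5737 documentation ranges, not from real observations.
SAMPLE_FLOWS = [
    ("10.0.0.23", "192.0.2.10", 48_000),
    ("10.0.0.23", "198.51.100.7", 51_200),
    ("203.0.113.5", "10.0.0.23", 300_000),
    ("203.0.113.77", "10.0.0.23", 280_000),
    ("198.51.100.99", "10.0.0.23", 150_000),
    ("10.0.0.40", "192.0.2.80", 12_000),
    ("10.0.0.40", "192.0.2.80", 9_000),
    ("10.0.0.41", "10.0.0.23", 4_000),  # internal-to-internal, ignored
]

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def relay_candidates(flows, min_peers=MIN_PEERS, min_inbound=MIN_INBOUND):
    """Return {internal_host: stats} for hosts whose external peer count and
    externally initiated peer count both reach the thresholds."""
    peers = defaultdict(set)
    inbound = defaultdict(set)
    volume = defaultdict(int)
    for initiator, responder, nbytes in flows:
        src_in, dst_in = is_internal(initiator), is_internal(responder)
        if src_in == dst_in:
            continue  # purely internal or purely external: not of interest here
        host, peer = (initiator, responder) if src_in else (responder, initiator)
        peers[host].add(peer)
        volume[host] += nbytes
        if dst_in:
            inbound[host].add(peer)  # an outside address opened the conversation
    return {
        h: {"peers": len(peers[h]), "inbound_peers": len(inbound[h]), "bytes": volume[h]}
        for h in peers
        if len(peers[h]) >= min_peers and len(inbound[h]) >= min_inbound
    }

if __name__ == "__main__":
    for host, stats in relay_candidates(SAMPLE_FLOWS).items():
        print(host, stats)
```

A workstation that appears in the result is worth a closer look; the thresholds need tuning against what normal hosts on the network do.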


