[Dshield] Question on Skype

Jeff Kell jeff-kell at utc.edu
Sat Feb 18 15:36:38 GMT 2006


Chris C. wrote:
> So I'm not so much concerned with decrypting the communication as I am
> carrying unknown traffic, from unknown people, and broadcasting my IP as
> in existence and running Skype.  If a nasty zero day exploit for Skype
> came along, it would be easy, easy, easy to target people.
>
> Oh, and in the TOS for Skype -- you agree to share your bandwidth.  It's
> been a while since I read it, but I would assume it's still in there.

That was my concern.  Some, but not all, Skypes seem to go wacky with
bandwidth, and in particular, connections.  If you're running a stateful
firewall or traffic shaper, it (can|does) eat up flows/connections at an
astounding rate.  Since it uses a later variation on the FastTrack [Kazaa]
protocol, I'm guessing it (can|does) operate in a "supernode" role.  The
question that remains unanswered in my book is how it determines to be a
"supernode".  Is it default?  Is it user-configurable?  Is it a
disguised user setting that somehow says "click me"?  Does the software
make the determination based on your connection with a peer?

And the $64K question: is there a Snort [etc.] signature for the
"supernode" behavior?


Jeff

