[unisog] Skype EULA

Frank Bulk frnkblk at iname.com
Thu Jun 1 02:32:22 GMT 2006

Some academic papers on Skype can be found here:
including the Salman A. Baset and Henning Schulzrinne ones.


-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Peter Van Epp
Sent: Wednesday, May 31, 2006 6:42 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Skype EULA

	Well that seems to have touched a nerve :-) I've been in meetings
all day and came through my office and approved 20 or so posts on skype then
went back to meetings :-).  Now I'm out of meetings and can provide some
illumination. As noted by others if you don't have a firewall you will get
elected to have supernodes. The first time I saw skype a user's machine was
doing some 6 megabits per second on our charged commodity link. I know it
wasn't our user because he was on vacation for 2 weeks and had left a skype
client running. I believe (but haven't tried) is you block port 33033 tcp
you will block skype. That is the directory service port and if it can't
connect skype won't operate. I've never had to try that because our
Packeteer understands skype and has an 8 slot around 80K bit per second
dynamic partition on skype in and out. This allows up to 8 simultaneous
skype calls (which I'm not aware of us having ever hit) and limits the
bandwidth for supernodes it doesn't limit supernodes, I currently have 3 (I
lied I currently have 4 and possibly 5)):

   142.58.xxx.48            274,776            239,285
   142.58.yyy.80            265,401            229,631
   142.58.zzz.37            249,285            213,816
   206.12.aa.154             96,382             89,760

	Because we have two links (commodity with the Packeteer and a gig
link to CA*net4/I2 and the other RENs with no restrictions) its possible
that traffic out the C4 link is the attraction here, it isn't commodity
anymore (although I did verify that our folks could still make skype calls
when I did this). 
	The first number is distinct host/port pairs the second is number of
succeesfull connections in the last 24 hours (checking the argus logs for
33033 will verify this as well). The difference between this and p2p is the
connect success rate of about %90. P2p is down at about %50:

    206.12.bb.14             85,891             47,404
   142.58.ccc.84             39,365             36,595 (probably skype too)
   142.58.dd.118             38,222             20,823
    209.87.ee.48             26,517             11,683  (planet net hosts
    209.87.ff.49             26,444             11,264  so definite p2p)

	There is an excellent paper from Baset and Shulzrinne at Columbia on
the skype protocal and there were a spat of other references (which I
haven't had time to poke at yet) on the pen-test list recently as well if
you need more information (I thought everybody already knew this all ready

Peter Van Epp / Operations and Technical Support Simon Fraser University,
Burnaby, B.C. Canada _______________________________________________
unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list