[unisog] large netflow values and skype?

David Herd D.Herd at unsw.edu.au
Thu Jun 22 03:05:10 GMT 2006


Hi,
I'm receiving reports of large netflows over various ports on some of 
our machines.
I've looked at the machines and they don't seem to have anything major wrong.
I've made sure that they have the latest OS patches, virus programs and
anti-spyware tools.  I've also checked for rootkits.  What I have 
found is that
most of the machines have Skype on them.

I know that under certain conditions Skype will promote a machine to 
a supernode.
Is this what I'm seeing?

  Flows     Source IP  Dest Port  Protocol     Router    Packets  Bytes
    130     X.X.X.X        dns       udp       pabxbcr1   130    9.1 KB
    142     X.X.X.X        dns       udp       libdr1     142    9.9 KB
    206     X.X.X.X        dns       udp       libbs1     206   14.4 KB

Each computer seems to use the same port consistently, eg, udp/53, tcp/80 and
it has disappeared both time I've closed the Skype client.

Has anybody else noticed Skype will suddenly produce large netflows?
Thanks
David

David Herd
Computer Systems Officer
School of Mechanical & Manufacturing Engineering
University of New South Wales SYDNEY NSW 2052 AUSTRALIA

Ph:   + 61-2-9385 4115
Fax: + 61-2-9663 1222

This message is intended for the addressee named and may contain confidential
information.  If you are not the intended recipient, please delete it 
and notify the sender.
The contents of this message do not necessarily represent the views 
or position of the
University of New South Wales, unless stated to the contrary.  Whilst 
all care is taken
the University of New South Wales does not represent or warrant that 
this message,
or any attachments, are free from viruses or defects.

CRICOS Provider Code: 00098G
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20060622/375fe574/attachment.htm 


More information about the unisog mailing list