[unisog] large netflow values and skype?

Peter Van Epp vanepp at sfu.ca
Thu Jun 22 18:18:52 GMT 2006

On Thu, Jun 22, 2006 at 01:02:08PM -0400, Reg Quinton wrote:
> From: "Peter Van Epp" <vanepp at sfu.ca>
> >        Yep, although without a firewall it isn't usually 80 or 53 :-). 
> > Check
> > for flows with a dest port of 33033 which is the Skype directory service.
> Peter, thanks for the extra information. Skype has been a problem here by 
> times, not as much lately. People who keep their XP/SP2 firewall up don't 
> become super nodes ....
> In your note about directory services is that 33033 TCP or UDP?
> Snort has some good signatures on skype, but none on that twig on that port 
> number.
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

	Both tcp and udp although in a small sample it was primarily UDP. I 
believe that if you block that port skype will stop working (I haven't tried 
it because traffic shaping is keeping usage acceptable while still allowing 
legit users to make skype calls). 

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the unisog mailing list