[unisog] large netflow values and skype?
Peter Van Epp
vanepp at sfu.ca
Thu Jun 22 18:18:52 GMT 2006
On Thu, Jun 22, 2006 at 01:02:08PM -0400, Reg Quinton wrote:
> From: "Peter Van Epp" <vanepp at sfu.ca>
> > Yep, although without a firewall it isn't usually 80 or 53 :-).
> > Check
> > for flows with a dest port of 33033 which is the Skype directory service.
> Peter, thanks for the extra information. Skype has been a problem here by
> times, not as much lately. People who keep their XP/SP2 firewall up don't
> become super nodes ....
> In your note about directory services is that 33033 TCP or UDP?
> Snort has some good signatures on skype, but none on that twig on that port
> unisog mailing list
> unisog at lists.sans.org
Both tcp and udp although in a small sample it was primarily UDP. I
believe that if you block that port skype will stop working (I haven't tried
it because traffic shaping is keeping usage acceptable while still allowing
legit users to make skype calls).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the unisog