Blocking Skype Supernode Packets

Hello,
i would like to ask if there is a way to block skype supernode packets on an IPS module. The reason why i want to block these application is because when skype starts on host in my network i establishes about 100 connections all over the globe.
thanks for any hints
alex

Alex;
  This action may be possible by creating a custom signature that detects a Skype super-node packet and then takes the action of denying the packet.
  This requires a few details to be successful:
packet details that are specific to a super-node connection attempt
the sensor to be configured for inline operation
  You should then be able to create a custom signature using the appropriate signature engine as outlined here:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_definitions.html
Scott

Similar Messages

  • ASA5520 allowing/blocking Skype

    I have the following:
    redundant ASA5520s on v8.2(1)
    proxy server/web filter for blocking access to websites for staff/students
    users who want to use Skype
    Cisco Catalyst 4507 core
    a dozen VLANs for staff/student/WiFi etc
    Cisco core policy that routes 80/443 to transparent proxy on a WiFi VLAN
    Windows desktops have direct proxy settings in IE
    Pretty much all outbound ports are closed with 80/443 and a handful of specifics for various things open. Because of this Skype attempts to use 80/443 which are sent to the proxy server but bnecause they're not HTTP/HTTPS they cannot be understood. Skype attitude is to open 1024-65535 which is just plain stupid!
    There's no way to specify which port(s) Skype uses for outbound. I tried opening 33000-33099 which worked perfectly for 2-3 devices (Win laptop, iPad) but others failed all the time.
    I've seen people mention using an AIP-SSM module in the ASA for blocking Skype (and other things eg torrents). Is it possible to use this module to allow Skype eg on ports 1024-65535 whilst blocking any other application from using those ports?
    Any advice on the handling of Skype in this configuration would be appreciated.

    Hi Steve,
    To block skype is not that easy i am sharing a piece of work which i did some time ago. Hope it might be helpful in case you need to block skype.
    Its just a workaround and you may decide your course of action
    these are skype login servers:
    "dir1.sd.skype.net:9010", "dir2.sd.skype.net:9010",  "dir3.sd.skype.net:9010", "dir4.sd.skype.net:9010",  "dir5.sd.skype.net:9010", "dir6.sd.skype.net:9010",  "dir7.sd.skype.net:9010", "dir8.sd.skype.net:9010"  "http1.sd.skype.net:80", "http2.sd.skype.net:80",  "http3.sd.skype.net:80", "http4.sd.skype.net:80",  "http5.sd.skype.net:80", "http6.sd.skype.net:80",  "http7.sd.skype.net:80", "http8.sd.skype.net:80" Skype-SW connects  randomly to 1-8.
    if you want to block skype totally and dont want to spend alot on your firewall. you can use Squid proxy running on OpenBSD.
    The below is not an accurate but near by or approximate study of how Skype operates, and is not a comprehensive analysis of its behaviour :
    1) Skype will initially attempt to contact supernodes, the IPs of which are in a file stored along with the other files that Skype installs. The first method of contact is direct. The source ports that Skype attempts to connect from are non-default ports. From my observations I could see that the UDP source port 1247 is the initial control channel. Once the connection is established, the rest of the communications is done in TCP over non-default source ports with ranges sweeping from 2940-3000. In general, any company that is serious about its security policy would have strict egress filtering rules, which makes identifying the non-default source/destination ports that Skype uses irrelevant since they would be blocked anyway.
    2) If the above fails, Skype will use the proxy server specified in Internet Explorer, and attempt to tunnel the traffic over port 443 using the SSL protocol. The destination IPs are of course random as above, which makes destination blocking out of the question. The only option left is to block SSL, which is not really a solution, unless you want to end up excluding all legal SSL destinations.Deleting the user's proxy settings would also disallow Skype from connecting. That would however leave the user without internet access. Even if the user had no proxy settings, and the proxying was done transparently (which would definitely include proxying http and https traffic), the Skype traffic (SSL) would again be transparently proxied, which puts us back at square one.
    The Alternative That Works :
    Internet access services in our corporate workplace are provided by our proxy servers. The setup is basically quid-proxy running over OpenBSD. PF (packet filter, OpenBSD's built-in firewall) takes care of all the egress/ingress filtering, and the rest of the content filtering is done in Squid using custom-written accesslists. Blocking Skype's default operation was a no-brainer, as our strict egress filtering rules block all outgoing traffic. The problem was with Skype detecting the user's proxy server, and tunneling its traffic over Squid. Upon checking Squid's access logs, all we could see was requests made by the user's machines using the 'Connect' method to random destination IPs.
    As mentioned above, blocking SSL or the 'Connect' method, means blocking access to all legitimate websites that use SSL (Hotmail, Yahoo,E-banking, E-commerce websites, e.g any website that is secured by SSL).Should you go down that road, you would have to explicitly allow all permitted destinations (an ongoing technical nightmare).
    The catch in successfully blocking Skype given all of the above, would be to block access to requests made by clients, to destination specified by their numeric IP address, AND using the 'Connect' method to tunnel the Skype data. I have done that simply by writing an access list in Squid that achieves just that. The access-list is in regex (regular expression) format that identifies numeric IP addresses. The access-list further specifies the connection method that the client is using. In Squid the 'Connect' method is conveniently called 'Connect' as well.
    The access list then is of the following form :
    # Your acl definitions
    acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
    acl connect method CONNECT
    # Apply your acls
    http access deny connect numerics_IPs all
    Regards
    Anim Saxena
    *Rate helpful posts*

  • Cant block "skype" traffic By Nbar !!??

    Hiiii ,
    im trying to block traffic of skype by cisco NBAR , i have cisco router 1941
    with ios :
    System image file is "flash0:c1900-universalk9-mz.SPA.152-4.M5.bin"
    im trying to match skype traffic by "match protocol skype"
    but it dont match !!!
    i googled , i found many articles that say that  new lastet version of skype use https protocol for VOIP !!!
    so , im here asking
    wt other factors i can wotk so that i match skype traffic ?
    i need to stop skype , whatsupp , viber traffic
    i have a big difficulties with that , cause all of then use https !!!!
    can we match hello messages or packets length and block them ?
    i found somebody says :
    route-map block-skype-https permit 10
    match lenght 112 112
    set interface null 0
    not sure if this info is correct !
    plz advice me...
    regards

    any help ???
    do ui need next generation firewall ? or ssl firewall  or something like that ?

  • WSA s170 - How to block skype and download

    Hi,
    I recently changed my proxy solution from BlueCoat ProxySG to Cisco WSA but I'm finding some difficulties to operate the appliance. 
      a - I can't have multiple defaults route
      b - How can I block skype traffic?
      c - How can I block download
      d - No graphical interface for logging
    I hope some here can help me. Because I don't know yet if it was a good choice change the solution that used to work like a charm.
    If some one can also point the other good things I can do with this appliance should be good.
    Best regards,
    Alcides 

    It sounds like it may be best for you to reach out to the sales person that sold you this appliance.  But some quick answers for you:
    a) You can go to Network > Routes.  You can set routes based on destinations.  What exactly are you trying to do with multiple default routes?  Are you trying to get some kind of fail-over setup?  If so, this cannot be done.  You can contact TAC and ask that they submit a feature request for this.
    b) Skype can be blocked by the WSA, but after Skype determines that it cannot logon via port 80 or 443, it will start trying every port ever existed until it gets access.  Are you ready to block all other ports at the firewall?
    c) You can block a download by file types under Access Policies > Mime Type.
    d) There is web tracking.  But if you want to view live logs in the GUI, that is not available.  Consider contacting TAC and asking for a feature request as well.
    It sounds like you are very used to the Bluecoat.  Different products will have different features. 

  • Any help on blocking Skype access on a school netw...

    I just started helping with IT work at a middle school.  The kids are always trying to waste time in class instead of working (nothing new there!) and part of my job is to cut access to games, social networking sites, etc...  School isn't the place for those things, that's for after school / home.  We're doing pretty well on most of this - IM stuff, Facebook, etc... but Skype is giving us trouble.
    Can anyone provide some info on how we can block this at the network / firewall level?  The kids have their own laptops so we can't block the program itself.

    Considering you can't even block skype on the firewall then the network is hardly going to know the difference between there "break time" and when they are in a lesson. Maybe do a time constrait? so during their lunch time the restrictions are lifted? And yes I agree they shouldn't be doing it when the teacher is talking to them, thats just rude. But it does annoy me that everyone suffers just because a couple people take advantage.
    I used to be the hard working kid and I only played games occassionally but it was a right struggle. They will find a way to get round it anyway though. E.g. page 10 of google until they get to a certain game site or whatever. But yeah I would help you but I don't know how.
    I also find it quite halarious that students are making exactly the same posts but with the complete opposite intentions haha! E.g. what proxy will let me have 10 minutes of fun in a ultra boring class. I mean lets face it, if they are bored enough to go on skype then they aren't going to take anything in even if they couldn't go on skype. They would just look at the walls or chat to there friends. I would suggest maybe using software which allows you to "see" there screens. Or let the teacher do it? With remote control included in it. So you could take control of there mouse and hit x . They had it in my school during the last 2 years and it worked. They even let me use it as an I.C.T prefect

  • BLOCKED out going packets?

    What is all the outgoing packet problems from my PS4?  loads of packets blocked?
    What is the problem?
    21:13:27, 22 Sep. BLOCKED 62 more packets (because of Packet invalid in connection)
    21:13:24, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:58487-​>54.68.118.39:443 on ppp3)
    21:11:39, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:51537-​>54.183.30.255:443 on ppp3)
    21:11:25, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:51523-​>54.183.30.255:443 on ppp3)
    21:11:24, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:51522-​>54.183.42.116:443 on ppp3)
    21:10:49, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:59220-​>54.201.29.164:443 on ppp3)
    21:10:43, 22 Sep. BLOCKED 1 more packets (because of Packet invalid in connection)
    21:10:42, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:55848-​>54.201.29.164:443 on ppp3)
    21:10:41, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:53284-​>54.201.29.164:443 on ppp3)
    21:10:40, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:54297-​>54.201.29.164:443 on ppp3)
    21:10:39, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:49635-​>54.201.29.164:443 on ppp3)
    21:10:38, 22 Sep. OUT: BLOCK [9] Packet invalid in connection (TCP 192.168.1.64:53904-​>54.201.29.164:443 on ppp3)

    people just get paranoid over hub log entries sometimes i wish they would delete the logs
    If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’

  • Please :( .. How to block Skype account ??

    Hello,
    please .. How to block Skype account ??
    Someone set up an account on Skype and put the means of communication data sister of Mobile Numbers Ground and the number of the house and put the name of indecent and improper
    Please help to continue to support Skype team to block or delete this account as soon as
    this is fake Acount: amany_20133
    thanks

    Dear Readers;
    Please review the information in this FAQ article:
    Can I Delete My Skype Account?
    and then please contact Skype Customer Service to file your request as indicated in the instructions.
    Regards,
    Elaine
    Was your question answered? Please click on the Accept as a Solution link so everyone can quickly find what works! Like a post or want to say, "Thank You" - ?? Click on the Kudos button!
    Trustworthy information: Brian Krebs: 3 Basic Rules for Online Safety and Consumer Reports: Guide to Internet Security Online Safety Tip: Change your passwords often!

  • U-verse blocking skype calls

    Has anyone encounter this situation? While using skype from my desktop to make calls I have come across the issue of my calls getting dropped at the 4 to 5 minute mark. Had a tech from skype help with a live call as it got dropped at the 5 min. mark.He mentioned an error message that came up.Basically that my ISP ( ATT)  is blocking some services of skype.ISP is blocking calls to specific countries or #'s.His solution was to call ATT and ask to un-block skype. Att support ran some test and told me that everything was fine . They did not find any filters or blocking in my system.Passed me over to a tech help line connected toatt where I have to pay for any support to look into this situation. I declined since this is not my doing but perhaps ATT control of useage .Phone calls are still being dropped and no one knows why.I do  not have cell phone service from ATT . 

    I would recommend that you send a Private Message to the ATTU-verseCare Community Specialist team.  One of the specialists will respond to your PM shortly.  Please look for the flashing envelope at the top right of the page for your response from a team member. If they will do it, these guys will know and be able to get it done.

  • Blocked Skype account

    I lost use of my Skype on my MacBook since mid-July and the support team they have there has been useless. I can get it on my iPhone just fine, but Skype is more effecient on my laptop. I've talked with a lot of people on the site, but they say they cannot restore the program to my laptop. I asked why. Here is the reason they claimed:
    "We are sorry to inform you that we cannot make changes on your account for you to sign in to Skype using your Mac OS device.
    Our filters indicate that your Skype account is using a computer network that has been previously used for fraudulent activity in which we cannot disclose as to what fraudulent activity would that be as we only have limited permission to view such account information."
    I felt like they needed to supply some proof, so here's what they said a couple weeks later.
    "Your device cannot be unblocked because there were other multiple accounts used to sign in to that device which are blocked due to spam and this is the reason why that particular device is restricted."
    Now, what is THAT supposed to mean? I have never sent any sort of spam to anyone while messaging them, so it seems ridiculous they won't supply substantial evidence. They keep wanting me to use other devices (and other computers -- I only have this one laptop).
    Can someone of better use help me here??

    I've got exactly the same problem.
    I linked my microsoft account and my Skype account and i also loged in my xbox one. The problem is that since that day i can't log in again with my skype/hotmail account. I sent a mail to the customer service and they answered me with that message:
    Estimado Raúl,
    Lamentamos informarle de que el error que está experimentando se debe a una restricción indefinida de su cuenta que no podemos revocar. Dicha restricción se ha llevado a cabo por motivos de seguridad y lamentablemente cualquier producto que tuviese aún activo en su cuenta ha sido eliminado.
    Le sugerimos que abra una nueva cuenta de Skype para poder acceder a los muchos servicios que tenemos para ofrecerle.
    Atentamente,
    María B.
    Departamento de Atención al cliente de Skype"
    As you can see (yes, i know it's in spanish) María told me that it's a restriction that they can't revoke :S
    How can I unlink (or recover) my hotmail account from the skype account?
    If you want more information i can send you my microsoft address via private message.
    Thanks!

  • Account Blocked -- Skype Support Won't Unblock

    Skype blocked my account after an unauthorized login and order and has since made it impossible for me to unblock it. If anyone has successfully gone through this process or gotten their Skype credit refunded, I would love to hear how.
    Over the past couple months, I have completed their unblock account form (both on the support website and from the follow up email link) at least 10 times and have emailed their customer support.  Each time, their customer support emails me and sends me back to the SAME FORM (even though I have, in the form comments, been including my "case number").  At first I could not remember when I opened my account or my payment method and left those fields blank but added notes about the approximate time (6 years ago).  I have since reconstructed that information from my files.  I am 100% certain that the information I have provided on the forms (at least the last 4 times) has been complete and accurate.
    It is  unconscionable for Skype and Microsoft to hold my credit amount hostage and provide ZERO customer support.  The email responses often have typos, and for a moment I thought that I might have actually clicked a link to a fradulent website that was actively trying to rip me off! I went back to their website and resubmitted the form and got the same run around -- it really is Skype/Microsoft having appalling customer service.
    I would report them as I believe that their holding account credit hostage must violate some sort of consumer protection.  (If their awful customer support really can't verify my identity, shouldn't they just be able to refund my Skype credit to the original payment method?).
    At this point I really just want my money back, to close my account, and NEVER use Skype again.  

    jlnyc wrote:
    Skype blocked my account after an unauthorized login and order and has since made it impossible for me to unblock it. If anyone has successfully gone through this process or gotten their Skype credit refunded, I would love to hear how.
    Over the past couple months, I have completed their unblock account form (both on the support website and from the follow up email link) at least 10 times and have emailed their customer support.  Each time, their customer support emails me and sends me back to the SAME FORM (even though I have, in the form comments, been including my "case number").  At first I could not remember when I opened my account or my payment method and left those fields blank but added notes about the approximate time (6 years ago).  I have since reconstructed that information from my files.  I am 100% certain that the information I have provided on the forms (at least the last 4 times) has been complete and accurate.
    It is  unconscionable for Skype and Microsoft to hold my credit amount hostage and provide ZERO customer support.  The email responses often have typos, and for a moment I thought that I might have actually clicked a link to a fradulent website that was actively trying to rip me off! I went back to their website and resubmitted the form and got the same run around -- it really is Skype/Microsoft having appalling customer service.
    I would report them as I believe that their holding account credit hostage must violate some sort of consumer protection.  (If their awful customer support really can't verify my identity, shouldn't they just be able to refund my Skype credit to the original payment method?).
    At this point I really just want my money back, to close my account, and NEVER use Skype again.  
    horrible horrible, just had the same drama, after a week of robotic email replies I thought, maybe it IS a robot! Then I thought with incredulity, I've been trying to explain myself time and time again TO A ROBOT!!!  It is scary that you can't prove who you are even when it really is you.  I finally got onto a real person at Microsoft and have got a new account working (after much fiddling around, as the other one kept opening by default) but the other one is still in limbo with my credit in it.  

  • Landline Call Privacy Blocking Skype

    I don't know if this is a problem unique to Canada but I have found that and increasing number of landlines have call privacy  enabled(with many not even being aware of this service).  Call privacy blocks calls from without a phone ID.  I have linked my skype account to my mobile phone number but that does not appear to be working. 
    Skpye callers can circumvent this by entering a number or hitting # but all of this seems clumsy.  Has anyone found an more elegant way (without resorting to purchasing a Skype number) to work around this "feature".
    Thanks in advance
    hip 

    Hi, Anagramas, and welcome to the Community,
    You added your post at the end of a topic in which the original poster defined a problem with a Freetalk device.  If you are having the same issues, please do post back with details such as your computer set-up, version of Skype you are using and on which computer or device as well as the operating system.
    If not related to a Freetalk device, please start a new topic on the Skype Account: Rates & Subscriptions message board.  Thanks!
    Regards,
    Elaine
    Was your question answered? Please click on the Accept as a Solution link so everyone can quickly find what works! Like a post or want to say, "Thank You" - ?? Click on the Kudos button!
    Trustworthy information: Brian Krebs: 3 Basic Rules for Online Safety and Consumer Reports: Guide to Internet Security Online Safety Tip: Change your passwords often!

  • Blocking skype calls from certain parts of the wor...

    Hi, i was wondering if it's possible to configure my router or something to block incoming calls from people in the US calling me in europe while still being able to call people from europe to europe?

    Hello,
    That's not possible - nor necessary. Just adjust your "privacy" parameters
    TIME ZONE - US EASTERN. LOCATION - PHILADELPHIA, PA, USA.
    I recommend that you always run the latest Skype version: Windows & Mac
    If my advice helped to fix your issue please mark it as a solution to help others.
    Please note that I generally don't respond to unsolicited Private Messages. Thank you.

  • Block Skype Ads Quick and Easy

    Hi everyone, I was trying to find a way to block all these annoying ads that the new Skype has introdused.  There where a couple of ways to actually achieve this but most of them where not working after Skype was updating. Below is the way that works regardless the Skype version as it 'hits' directly in the source, the ads themselfes.  1 Press Windows+R and type C:\Windows\System32\drivers\etc\hosts   OR 1. Navigate to the folder C:\Windows\System32\drivers\etc\ , right click on the hosts file and hit Open (or edit with Notepad++ if you have it)2. Select Notepad or any other text editor you prefer
    2. Add at the bottom of the file the lines below: # Skype Ads Blocker
    127.0.0.1 rad.msn.com
    127.0.0.1 live.rads.msn.com
    127.0.0.1 ads1.msn.com
    127.0.0.1 static.2mdn.net
    127.0.0.1 g.msn.com
    127.0.0.1 a.ads2.msads.net
    127.0.0.1 b.ads2.msads.net
    127.0.0.1 ac3.msn.com# End Skype Ads Blocker
    3. Save and restart your Skype app.
     What you are basically doing is blocking the servers that Skype is pulling the ads from.  If you have any problems after applying this fix or you want to see these beatifull ads again (you must be drunk to do so! ) simply remove the lines you've added in the host file. Hope this helps someone. PS1: Tested to version 6.16+PS2: This should not breach the Terms and Conditions/User Agreement with Skype as you are NOT manipulating or editing Skype itself. You are simply blocking traffic from some specific servers ( just mentioning in case we have people starting a catastrophe reply marathon )

    etc seems to be hidden within the drivers folder. In Windows Explorer you can click on the address bar and enter the path to that folder manually:C:\Windows\System32\drivers\etc Note that you might need to edit the host file using admin rights. And btw: If you don't mind losing your "Skype Home" than one line is sufficient:127.0.0.1    apps.skype.com 

  • Need to block Skype, MSN etc...

    Hi there, is there any way to block those services? Xserver distributes our DHCP.
    Thanks
    Dave

    There's a multitude of ways of doing it - too many to list without knowing something about your network setup.
    Most of the options hinge around managing the network edge - typically at the router and/or firewall that connects you to the outside world, but there are many other options, including preventing the user from launching the app on the client (requires managed accounts) or IP filters/firewalls running on the clients.

  • How to Block Skype Features?

    Hi,
    I am interested in using Skype for users in my organization but in a restricted mode. I only want to allow video calls and no feature other than this e.g. File Transfers, Chat, etc...
    Kindly help.
    Regards,
    Usman Khalid

    Hi, Usman, and welcome to the Community,
    I suggest a review of the information presented in these FAQ articles:
    https://support.skype.com/en/faq/FA10915/what-is-s​kype-business-version-and-how-is-it-different-from​...
    One of our Community's technical gurus recently reviewed this Guide and assures me the information is still accurate despite references to a no-longer-supported version of Skype:
    https://support.skype.com/en/doc/DO5/skype-it-admi​nistrators-guide
    Here is how to contact the Skype for Business team:
    Using Skype in your business
    Transform the way your business works with cost effective and collaborative tools.
    Contact our solutions team
    Best regards,
    Elaine
    Was your question answered? Please click on the Accept as a Solution link so everyone can quickly find what works! Like a post or want to say, "Thank You" - ?? Click on the Kudos button!
    Trustworthy information: Brian Krebs: 3 Basic Rules for Online Safety and Consumer Reports: Guide to Internet Security Online Safety Tip: Change your passwords often!

Maybe you are looking for

  • Itunes wont recognize iphone 3G

    OK, I have tried every solution on Apple's website with no luck. I am at the end of my rope. I have 2 old iphone 3G's. I would like to use one of them as an ipod touch. The only problem is, when I plug either of them in, itunes freezes up for about 3

  • How to pass a presentation variable to new window?

    Hi Experts, I need to give a link on Dashboard1 which opens Dashboard2 in new window. Is there any way that I can pass a presentation variable value of Dashboard2 from Dashboard1's link?? Thanks.

  • Slow BB connection, any chance of a change in prof...

    Like the title says, my internet is so slow that i cannot even stream a youtube video, is there any chance this can be rectified somewhat? My latency type is currently set to 'fast', would interleaved be a better option? I don't play games or anythin

  • Anti virus for asha 201

    I have Nokia asha 201 . Is there any free anti vir​us for my handset. I am already going to install k​aspersky, netqin etc. but it's not download proper​ly. Now what can I do.  Solved! Go to Solution.

  • Payment proposals

    At the moment the overnight batch job creates payment run parameters and proposals for all company codes. Accounts Payable have requested that with immediate effect this batch job should only create the parameters. Can any one let me know how to go a