Need to block Skype, MSN etc...

Similar Messages

• ASA5520 allowing/blocking Skype

  I have the following:
  redundant ASA5520s on v8.2(1)
  proxy server/web filter for blocking access to websites for staff/students
  users who want to use Skype
  Cisco Catalyst 4507 core
  a dozen VLANs for staff/student/WiFi etc
  Cisco core policy that routes 80/443 to transparent proxy on a WiFi VLAN
  Windows desktops have direct proxy settings in IE
  Pretty much all outbound ports are closed with 80/443 and a handful of specifics for various things open. Because of this Skype attempts to use 80/443 which are sent to the proxy server but bnecause they're not HTTP/HTTPS they cannot be understood. Skype attitude is to open 1024-65535 which is just plain stupid!
  There's no way to specify which port(s) Skype uses for outbound. I tried opening 33000-33099 which worked perfectly for 2-3 devices (Win laptop, iPad) but others failed all the time.
  I've seen people mention using an AIP-SSM module in the ASA for blocking Skype (and other things eg torrents). Is it possible to use this module to allow Skype eg on ports 1024-65535 whilst blocking any other application from using those ports?
  Any advice on the handling of Skype in this configuration would be appreciated.

  Hi Steve,
  To block skype is not that easy i am sharing a piece of work which i did some time ago. Hope it might be helpful in case you need to block skype.
  Its just a workaround and you may decide your course of action
  these are skype login servers:
  "dir1.sd.skype.net:9010", "dir2.sd.skype.net:9010",  "dir3.sd.skype.net:9010", "dir4.sd.skype.net:9010",  "dir5.sd.skype.net:9010", "dir6.sd.skype.net:9010",  "dir7.sd.skype.net:9010", "dir8.sd.skype.net:9010"  "http1.sd.skype.net:80", "http2.sd.skype.net:80",  "http3.sd.skype.net:80", "http4.sd.skype.net:80",  "http5.sd.skype.net:80", "http6.sd.skype.net:80",  "http7.sd.skype.net:80", "http8.sd.skype.net:80" Skype-SW connects  randomly to 1-8.
  if you want to block skype totally and dont want to spend alot on your firewall. you can use Squid proxy running on OpenBSD.
  The below is not an accurate but near by or approximate study of how Skype operates, and is not a comprehensive analysis of its behaviour :
  1) Skype will initially attempt to contact supernodes, the IPs of which are in a file stored along with the other files that Skype installs. The first method of contact is direct. The source ports that Skype attempts to connect from are non-default ports. From my observations I could see that the UDP source port 1247 is the initial control channel. Once the connection is established, the rest of the communications is done in TCP over non-default source ports with ranges sweeping from 2940-3000. In general, any company that is serious about its security policy would have strict egress filtering rules, which makes identifying the non-default source/destination ports that Skype uses irrelevant since they would be blocked anyway.
  2) If the above fails, Skype will use the proxy server specified in Internet Explorer, and attempt to tunnel the traffic over port 443 using the SSL protocol. The destination IPs are of course random as above, which makes destination blocking out of the question. The only option left is to block SSL, which is not really a solution, unless you want to end up excluding all legal SSL destinations.Deleting the user's proxy settings would also disallow Skype from connecting. That would however leave the user without internet access. Even if the user had no proxy settings, and the proxying was done transparently (which would definitely include proxying http and https traffic), the Skype traffic (SSL) would again be transparently proxied, which puts us back at square one.
  The Alternative That Works :
  Internet access services in our corporate workplace are provided by our proxy servers. The setup is basically quid-proxy running over OpenBSD. PF (packet filter, OpenBSD's built-in firewall) takes care of all the egress/ingress filtering, and the rest of the content filtering is done in Squid using custom-written accesslists. Blocking Skype's default operation was a no-brainer, as our strict egress filtering rules block all outgoing traffic. The problem was with Skype detecting the user's proxy server, and tunneling its traffic over Squid. Upon checking Squid's access logs, all we could see was requests made by the user's machines using the 'Connect' method to random destination IPs.
  As mentioned above, blocking SSL or the 'Connect' method, means blocking access to all legitimate websites that use SSL (Hotmail, Yahoo,E-banking, E-commerce websites, e.g any website that is secured by SSL).Should you go down that road, you would have to explicitly allow all permitted destinations (an ongoing technical nightmare).
  The catch in successfully blocking Skype given all of the above, would be to block access to requests made by clients, to destination specified by their numeric IP address, AND using the 'Connect' method to tunnel the Skype data. I have done that simply by writing an access list in Squid that achieves just that. The access-list is in regex (regular expression) format that identifies numeric IP addresses. The access-list further specifies the connection method that the client is using. In Squid the 'Connect' method is conveniently called 'Connect' as well.
  The access list then is of the following form :
  # Your acl definitions
  acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
  acl connect method CONNECT
  # Apply your acls
  http access deny connect numerics_IPs all
  Regards
  Anim Saxena
  *Rate helpful posts*

• I have just recently brought the blackberry curve 8310 and i am not able to access the internet, MSN etc. I rang my phone company(Crazy Johns) and they saif i cannot use the internet on this phone because they don't sell it anymore and i need a setting fo

  I have just recently brought the blackberry curve 8310 and i am not able to access the internet, MSN etc.
  I rang my phone company(Crazy Johns) and they saif i cannot use the internet on this phone because they don't sell it anymore and i need a setting for it to work.
  Can you please help me with this?
  Thanks Matthew.

  Hello,
  The services you listed in your post will require a data plan which is provisioned by your wireless provider. You may want to contact your wireless provider to see if you have the correct plan.
  Cheers,
  -FB
  Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
  Be sure to click Kudos! for those who have helped you.
  Click "Accept as a Solution" for posts that have solved your issue(s)!

• I updated iOS in iPhone 5 just now... But I can not download/install apps (Skype,Facebook etc.) from apple store...it shows error code -1009... What can I do...?

  I updated iOS in iPhone 5 just now... But I can not download/install apps (Skype,Facebook etc.) from apple store...it shows error code -1009... What can I do...?

  The error 1009 error is normally associated with a blocked country. There are a list of countries that Apple is not allowed to sell their software to due to US restrictions

• Any help on blocking Skype access on a school netw...

  I just started helping with IT work at a middle school.  The kids are always trying to waste time in class instead of working (nothing new there!) and part of my job is to cut access to games, social networking sites, etc...  School isn't the place for those things, that's for after school / home.  We're doing pretty well on most of this - IM stuff, Facebook, etc... but Skype is giving us trouble.
  Can anyone provide some info on how we can block this at the network / firewall level?  The kids have their own laptops so we can't block the program itself.

  Considering you can't even block skype on the firewall then the network is hardly going to know the difference between there "break time" and when they are in a lesson. Maybe do a time constrait? so during their lunch time the restrictions are lifted? And yes I agree they shouldn't be doing it when the teacher is talking to them, thats just rude. But it does annoy me that everyone suffers just because a couple people take advantage.
  I used to be the hard working kid and I only played games occassionally but it was a right struggle. They will find a way to get round it anyway though. E.g. page 10 of google until they get to a certain game site or whatever. But yeah I would help you but I don't know how.
  I also find it quite halarious that students are making exactly the same posts but with the complete opposite intentions haha! E.g. what proxy will let me have 10 minutes of fun in a ultra boring class. I mean lets face it, if they are bored enough to go on skype then they aren't going to take anything in even if they couldn't go on skype. They would just look at the walls or chat to there friends. I would suggest maybe using software which allows you to "see" there screens. Or let the teacher do it? With remote control included in it. So you could take control of there mouse and hit x . They had it in my school during the last 2 years and it worked. They even let me use it as an I.C.T prefect

• Cant block "skype" traffic By Nbar !!??

  Hiiii ,
  im trying to block traffic of skype by cisco NBAR , i have cisco router 1941
  with ios :
  System image file is "flash0:c1900-universalk9-mz.SPA.152-4.M5.bin"
  im trying to match skype traffic by "match protocol skype"
  but it dont match !!!
  i googled , i found many articles that say that  new lastet version of skype use https protocol for VOIP !!!
  so , im here asking
  wt other factors i can wotk so that i match skype traffic ?
  i need to stop skype , whatsupp , viber traffic
  i have a big difficulties with that , cause all of then use https !!!!
  can we match hello messages or packets length and block them ?
  i found somebody says :
  route-map block-skype-https permit 10
  match lenght 112 112
  set interface null 0
  not sure if this info is correct !
  plz advice me...
  regards

  any help ???
  do ui need next generation firewall ? or ssl firewall  or something like that ?

• HT1937 My iPhone has been stolen.I need to block the iPhone. How can I do it?

  Dear Sir,
  My iPhone has been stolen. I need to Block the iPhone.
  Please suggest me the ways to block the iPhone.
  With best regards

  Contact your carrier, they might be able to blacklist the device. If you have find my iPhone enabled you can try to track it. You can also remote wipe it.
  Change all of your passwords and call the police.
  More info:
  http://support.apple.com/kb/HT5668

• Hi, I forgot my user password mac 10.9.4 I don't need it to log in but i need it to make changes, etc. It says a password hasn't been set for this account but it still asks for one when i click on the lock icon. can anyone help me? thx!

  Hi, I forgot my user password mac 10.9.4 I don't need it to log in but i need it to make changes, etc. It says a password hasn't been set for this account but it still asks for one when i click on the lock icon. can anyone help me? thx!

  This is a little confusing since you say you have forgotten your password and then the system says you have not entered a password.  Even with an Admin account you must have a password to install software.
  If you are using Mac OS X 10.7 or above, you can change the admin password by restarting holding the Command and R keys, from the menu bar select Utilities, then Terminal.  When the Terminal window opens, at the cursor type exactly:
  resetpassword
  and press Enter.  When the Reset Password window opens, select the internal hard drive, and then the user account.  Type a new password twice, leave the Hint blank, and then Save.  Accept the next dialog that opens, and at the bottom of the Reset Password window agree to resetting the home directory permissions.
  Quit the Reset Password window, go to the apple left side of the menu bar, Restart.
  And you have a new password for your account.

• Need to block certain site!

  Guys, I desperately need to block one shitty site, called "www.livejasmin.com", which always jumps on my desktop after clicking to "view" a certain picture on a photo hosting or other site. I have set "blocking pop-ups", but it doesn't help a bit with this shitty "livejasmine"! I so tired to close down hundreds of pop-up "livejasmins", you can't even imagine! Plese, please help me to block those bastards once and for good, or I'll go kill somebody! P.S. Sometimes those suckers' address looks like "http://creatives.livejasmin.com/puw2/i/im/imagebam/rus/index.php?psid=ed_imbamw2ru&pstool=149_13656_151&pstour=t1&psprogram=REVS&site=jsm" and so on...

  Do a malware check with some malware scanning programs on the Windows computer.<br />
  You need to scan with all programs because each program detects different malware.<br />
  Make sure that you update each program to get the latest version of their databases before doing a scan.<br /><br />
  *http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
  *http://www.superantispyware.com/ - SuperAntispyware
  *http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
  *http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
  *http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
  See also:
  *"Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked

• How do I block a website so it cannot access my computer? I am having problems with ad sites downloading ads that are so large they lag my computer so badly that I can't do anything. I need to block those sites from downloading their ads.

  mookie1.com is downloading ads when I access websites. The downloads are LOOOOOOOOOONG and freeze my computer. I need to block the downloads.

  mookie1.com is downloading ads when I access websites. The downloads are LOOOOOOOOOONG and freeze my computer. I need to block the downloads.

• I need to block someone from emailing me, its is also important that they receive an undelivered message when they attempt to email me.  Can this be done?

  I need to block someone from emailing me, it is important that they receive an undelivered message when they attempt to email me.  Can this be done? I do not mind deleting the whole account and starting again, but i have not found a way as of yet.

  You can go to the Mail page at http://icloud.com , click on the cogwheel icon at top right, choose 'Rules' and set up a rule that moves all messages from this person to the Trash. However there's no way of producing an 'undelivered' message.
  As to deleting the account, this isn't possible; you can abandon using it and start another. If you do this, messages to it will pile up until the storage limit is filled, at which point they will be bounced with an 'Account over limit' message. Alternatively you could set up a 'Vacation message' in the Preferences which would inform anyone sending to that address that it was no longer in use.

• Need to block Numbers On UC 560

  Hello,
  I need to block 900 numbers on my Uc 560, how can i do that??? Is there a way to do it from CCA?? Please let me know how can i do that????
  Thanks,

  Hey
  With the new upgrade you can block numbers on your iphone5.
  Go to:
  Settings
  Phone
  And under calls you will see blocked. Its there

• Need to block a website

  I need to block a specific website. I am able to do it very easily on Internet Explorer but have found it very hard to do so with Firefox. I don't want to block all content, just this one website. How can I block it?

  see [[Block and unblock websites with parental controls|Block and unblock websites with parental controls]]

• Need to block someone from calling me on FaceTime

  I need to block a number from my iphone5 completely but the number can still get through FaceTime. What can I do? I already blocked the number on sprints side.

  Does anyone know if apple is even trying to fix this problem? It's very annoying and it is so inconvenient that someone I don't want contacting me can.

• I need to download skype on my iPad 2 and it asks for iOS 5 to do it how can I download iOS?

  need to download skype on my iPad 2 and it asks for iOS 5 to do it how

  If you have an iPad 1, the max iOS is 5.1.1. For newer iPads, the current iOS is 7.0.4. The Settings>General>Software Update only appears if you have iOS 5.0 or higher currently installed.
  iOS 5: Updating your device to iOS 5 or Later
  http://support.apple.com/kb/HT4972
  How to install iOS 6
  http://www.macworld.com/article/2010061/hands-on-with-ios-6-installation.html
  iOS: How to update your iPhone, iPad, or iPod touch
  http://support.apple.com/kb/HT4623
  If you are currently running an iOS lower than 5.0, connect the iPad to the computer, open iTunes. Then select the iPad under the Devices heading on the left, click on the Summary tab and then click on Check for Update.
  Tip - If connected to your computer, you may need to disable your firewall and anitvirus software temporarily.  Then download and install the iOS update. Be sure and backup your iPad before the iOS update. After you update an iPad (except iPad 1) to iOS 6.x, the next update can be installed via wifi (i.e., not connected to your computer).
  Tip 2 - If you're updating via wifi, place your iPad close to your router to preclude getting a corrupted download.
  How to Upgrade to iOS 7
  The iOS 7.0 update requires around 2.5 GB of storage space, so if your iPad is almost full, you may need to clear up some space. You can check your available space in Settings -> General -> Usage.
  There are two ways to upgrade to iOS 7: You can use your Wi-Fi connection, or you can connect your iPad to your PC and update through iTunes. We'll go over each method.
  To upgrade using Wi-Fi:
  Note: If your iPad's battery is under 50%, you will want to plug it into your charger while performing the update.
      1.    Go into the iPad's Settings.
      2.    Locate and tap "General" from the menu on the left.
      3.    The second option from the top is "Software Update". Tap this to move into the update settings.
      4.    Tap "Download and Install". This will start the upgrade, which will take several minutes and will reboot your iPad during the process. If the Download and Install button is grayed out, trying clearing up some space. The space required by the update is mostly temporary, so you should gain most of it back after iOS 7 is installed.
      5.    Once the update is installed, you may have to run through the initial steps of setting up your iPad again. This is to account for new features and settings.
  To upgrade using iTunes:
  First, connect your iPad to your PC or Mac using the cable provided when you purchased your device. This will allow iTunes to communicate with your iPad.
  You will also need the latest version of iTunes. Don't worry, you will be prompted to download the latest version when you launch iTunes. Once it installs, you may be asked to setup iCloud by logging into your iTunes account. If you have a Mac, you may be prompted on whether or not you want to enable the Find my Mac feature.
  Now you are ready to begin the process:
      1.    If you upgraded iTunes earlier, go ahead and launch it. (For many, it will launch automatically when you plug in your iPad.)
      2.    Once iTunes is launched, it should automatically detect that a new version of the operating system exists and prompt you to upgrade to it. Choose Cancel. Before updating, you will want to manually sync your iPad to make sure everything is up to date.
      3.    After canceling the dialog box, iTunes should automatically sync with your iPad.
      4.    If iTunes doesn't automatically sync, you can manually do it by selecting your iPad within iTunes, clicking on the File menu and choosing Sync iPad from the list.
      5.    After your iPad has been synced to iTunes, select your iPad within iTunes. You can find it on the left side menu under Devices.
      6.    From the iPad screen, click on the Update button.
      7.    After verifying that you want to update your iPad, the process will begin. It takes a few minutes to update the operating system during which time your iPad may reboot a few times.
      8.    After updating, you may be asked a few questions when your device finally boots back up. This is to account for new settings and features.
   Cheers, Tom