Skype-Blocking Whack-a-Mole Continues

from the that-pesky-competition dept

Blocking disguised data from disruptive applications is a little like trying to hold back a river with a pine cone, and trying to block Skype is certainly the new black. Whether you're a repressive government looking to protect the interests of your state-run phone company, a University or company worried about security holes or bandwidth use, or you're a government annoyed that you're not getting the appropriate kickbacks, there's a growing number of hardware vendors now building gear specifically aimed at blocking Skype for you. The people that build these solutions had already stated that Skype was hard to detect and block, and apparently these companies are having even more trouble detecting the latest version released just a few weeks ago. The continuing game of cat and mouse is familiar to those watching ISPs trying to contain BitTorrent traffic. The easiest way for corporations or colleges to control Skype is to ban the executable from running on the desktop. For countries however this will be a neverending game of whack-a-mole. VoIP is simply data, and data can always be disguised - something Skype engineers seem to be getting better at with each incarnation.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    qyiet, Dec 11th, 2006 @ 8:23pm

    The odd thing is

    I have the same problem these hardware vendors do, but for the opposite reason.

    I want to give skype a high priority on my network (it being real time data and all), but it's so hard to pin down the traffic I can't isolate it.

    If anyone has any ideas, please post a link.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    The Swiss Cheese Monster, Dec 11th, 2006 @ 8:34pm

    Banning the Executable?

    Maybe on school owned comptuers that would work, but what about ones that the students bring to school with them? That might be more difficult.

    I suppose if each college created an application that had to be running for any student to gain network access, an application that would stop any offending applications or services from running on student computers - that might do the trick. But what about the old trick of renaming an executable to bypass run restrictions?

    I haven't tried doing that in a long time, I wonder if many of today's applications would still run if you rename the exe file that starts it?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Lincoln, Dec 11th, 2006 @ 8:47pm

      Re: Banning the Executable?

      I would expect the applications to still work. If you try renaming applications that the main exe depends on, then things could get a little wacky.

      Applications could also be blocked by md5 hash, nullifying the renaming trick. This would still be playing whack-a-mole, since program updates will change the hash.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Dec 11th, 2006 @ 9:17pm

        Banning the Executable

        Calculating MD5 hashes for every application someone runs is time-consuming and unnecessary - you can also force an EXE to open up in notepad, add some random letter to the end of it and save it, and run your "new" program that will fail the MD5 check.

        Just have the program shut down any process with the name "skype" or whatever every couple seconds.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Crimsondestroyer, Dec 11th, 2006 @ 10:47pm

    RE: Banning the Executable

    Yeah this is a great way to stop Skype, because every time I hook my PC up to a network I want the network to have full access to it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    BrutalKanoodle, Dec 12th, 2006 @ 12:09am

    MMMMMMMM

    My firewall says skype packets are tasty

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    RedMatrix, Dec 12th, 2006 @ 4:31am

    Skype Rules

    I don't know what these companies are trying to do here. It's like a hand full of sand, the tighter you squeeze, the less you can contain.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 12th, 2006 @ 12:38pm

    another one word: latency.

    Ok, I'll explain it a little further: make your router inserting small random delays between packets. They'll be unnoticeable for web surfers, but experience of those who use traffic-consuming applications from Skype to YouTube will be less than pleasant.

    Most (if not all) those ad-hoc programs that hunt down specific applications are rather easy to fool / stop.
    If it's traffic that hurts, you'll need to target it, not the applications that can be run all the different ways, some of which can be just out of your control.

    Or, if you're so concerned, make it impossible to run *any* new apps, including those come as ActiveX controls, browser plugins, etc, etc. And disable all the USB ports. And the Remote Desktop. And ... oh, my ;)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Solo, Dec 12th, 2006 @ 2:29pm

    http tunnel all the way!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Brad, Dec 12th, 2006 @ 5:30pm

    the problem with skype is that it takes over pcs

    We found that SKype would rapidly take over any pc with a fixed ip, and use it to connect up other skype users who were behind routers. It did routwe the packets thru us, but it would have 500 connections going at once. The only way to stop it was to kill skype and start it over, and then after a day or so it would start doing it again.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    |333173|3|_||3, Dec 12th, 2006 @ 9:47pm

    Hopeless

    Blocking the Exe is hopeless, since the renaming trick does work for several games, including ones which have a large number of seperate processes running. THe md5 hash can be easily changed by adding a few bytes tot he end of the file, and it would even be possible to do this without taking up any extra disk space if you knew how large your sectors were.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    john richards, Dec 25th, 2006 @ 2:00am

    companies already block skype with opensource soft

    there is a widely used skype and P2P blocking solution in opensource.
    check this link http://www.lynanda.com/products/software-for-corporations/traffic-filtering
    I've heard that this solution is what companies use to forbid skype within their network. China is suspected to use this or a derivative
    I think that providing that kind of censorship technology is in total contradiction with the opensource philosophy. Some people suspect Skype to be at the origin of this blocking initiative, for political reasons.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Zack, May 1st, 2007 @ 11:18pm

    ... and with payware too

    That's right John, and there are also companies, even governments, that are using corporate firewall systems to block skype: http://voiptelephonyservice.blogspot.com/2006/10/block-skype-hype.html
    #1 on the list is reportedly the one that China Telecom has used.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This