A few weeks ago there was a lot of noise around how some companies (including the imaginatively named, Skypekiller. )could help entire countries, not to mention corporations block Skype. Now, thanks to an eagle-eyed reader, I have come across an open source way of becoming Skype-free. Using Squid proxy and OpenBSD, a poster on this mailing list was able to become Skype-free.
The choice of OS to run the proxy on is subjective (I chose OpenBSD as my network OS of choice for its proven security record and excellent reliability) and has no effect over the actual blocking mechanism. The same can be accomplished on any other BSD or Linux flavour.
A lot of companies have issues with Skype because of the security risks it poses. These supernodes are a big issue, as highlighted here by Aswath.
But my concern regarding Supernode is more substantial. It is suggested that since the Supernodes are nothing more than other Skype clients, Skype is infinitely scalable. I submit that this may not be the case. To begin with, a client is eligible to be a Supernode only if it has enough processing power and bandwidth capacity to perform the functions of a Supernode. Additionally, it is a requirement that they be present on the public Internet or behind a “transparent” NAT and a “permissive” Firewall.
Proof of Aswath’s theory is in this image published by Coobol (via Skype Journal)
The red-dots on the image are Skype’s Supernodes. They are not as plentiful as the Skype clients. As more and more people try and shut down the Skype running on their networks, the onus of running the SkypeNet will shift to the company and its parent, which is going to increase the capital expenditures. In the end that might be a good thing!
6 thoughts on “Blocking Skype with OpenBSD and Squid”
Skype security risks? They are about as great as having PCs run Windows on your network I guess (i.e. slim if you ensure everyone has up to date patches, possibly great otherwise). I wonder why there aren’t more security papers calling for corporations to dump Windows?
yes, they cashed out before the security breech alarm went off.
Guys from Coobol are going to complete Skype blocking solution based on their Supernode Identification technology within 20 days. Cool!
what parameters that can be used on squid to block the skype usage?
What really puzzles me, is why would anyone want to block skype in the first place… I look all over the internet for answers to this, and have come up with nothing.
Is it a ploy by the phone companies to steiffel the use of skype because it cuts into their profits? Or is it because some fascist country wants to have more control over how their citizens communicate?
And why would the OpenBSD community even care about blocking skype, when their whole philosophy is openness and sharing of information…
Is Skype that much hated…
NOTE: I may not ever gete back here to read what people might say about this, but use the Email address below to talk to me directly…
this address is a very highly spammed address,
so to get my attention… put “skype comments”
in the subject line please.
crunch at webcrunchers dot com…