Custom user agent to block Skype

Unanswered Question
Mar 5th, 2008

Hello Ironportians,

I was wondering if any of you has info about the Custom User Agent that can be used to block Skype. Furthermore, I'd like to know if someone has tried blocking this application accross the WSA and if there's any piece of advice you can share.

Thanks in advance!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jowolfer Fri, 03/07/2008 - 17:17

Armando,

We are working on ways to better block Skype. Here is some information I can share about Skype.

The problem with skype is that among opening random TCP/UDP ports it also listens to activity on ports 80 and 443. Therefore blocking skype is not possible unless we resort to "deep-packet" inspection, which is something that we don't currently do.

There is an excellent presentation here on reverse-engineering Skype, which might help you with some more information with how this application works.

http://www.secdev.org/conf/skype_BHEU06.handout.pdf

jowolfer Fri, 03/07/2008 - 17:19

Armando,

Also, I have heard that this is the regex to match Skype:

[^(\n|\r)]+Skype/i

armando.costill... Mon, 03/10/2008 - 23:27

Hello,

Thanks for your reply. Can you let me know exactly where can I place this string? I've tried placing it under custom user agents to be blocked, but no luck. Thanks again!

Armando,

Also, I have heard that this is the regex to match Skype:

[^(\n|\r)]+Skype/i
jowolfer Wed, 03/12/2008 - 16:19

I recommend getting a packet capture to see exactly what User-agent Skype is using. I wouldn't be surprised if Skype changed to something else or found another way out to the internet.

Skype is incredibly elusive and is extremely difficult to block without inline mode and deep packet inspection.

Actions

This Discussion