Cisco Support Community

New Member

preventing skype traffic

I want to block Skype traffic altogether.

I have a choice of:

- Cisco router (870, which should handle Flexible Packet Matching)

- Cisco switch (cat6500 - sup720 and sup32 NOT PISA EQUIPPED)

- Cisco ASA 5520 (Modular Policy Framework)

Been playing with 870 and FPM at first, but it seems not to block newer (3.x) Skype releases (TAC case is active).

Any Idea/hint?

4 REPLIES
Silver

Re: preventing skype traffic

It involves configuring policies and applying them to an interface.

http://ciscotips.wordpress.com/2006/06/07/how-to-block-skype/

Bronze

Re: preventing skype traffic

The last time I checked, NBAR can only recognize Skype v1.0, not the latest version which I believe is 3.0. Although I have my gripes about NBAR (quite often it just matches traffic on the source/destination port, and doesn't actually match on the payload. Kazaa is a good example), I think this is an issue with the way Skype is purposefully encrypting itself in order to evade detection.

For a while our IPS sensors were firing on the "OpenSSL TLS Malformed Handshake DoS" signature, and we concluded that was part of the initial Skype handshake.

Good luck

New Member

Re: preventing skype traffic

Yes, Cisco states that Skype NBAR only supports "skype version 1.4".

Checking for malformed HTTPS was something I thought about; maybe will work out a solution, and post here...

Thank you for the hint.

New Member

Re: preventing skype traffic

I think in order to completely block Skype you need a combination of IPS, Firewall and Proxy (for SSL).

Because it is a very dynamic application that tries different methods to connect (UDP, HTTP, HTTPS).

-hamid
