cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2677
Views
0
Helpful
5
Replies

Custom user agent to block Skype

Hello Ironportians,

I was wondering if any of you has info about the Custom User Agent that can be used to block Skype. Furthermore, I'd like to know if someone has tried blocking this application accross the WSA and if there's any piece of advice you can share.

Thanks in advance!

5 Replies 5

jowolfer
Level 1
Level 1

Armando,

We are working on ways to better block Skype. Here is some information I can share about Skype.

The problem with skype is that among opening random TCP/UDP ports it also listens to activity on ports 80 and 443. Therefore blocking skype is not possible unless we resort to "deep-packet" inspection, which is something that we don't currently do.

There is an excellent presentation here on reverse-engineering Skype, which might help you with some more information with how this application works.

http://www.secdev.org/conf/skype_BHEU06.handout.pdf

jowolfer
Level 1
Level 1

Armando,

Also, I have heard that this is the regex to match Skype:

[^(\n|\r)]+Skype/i

Thanks indeed

Hello,

Thanks for your reply. Can you let me know exactly where can I place this string? I've tried placing it under custom user agents to be blocked, but no luck. Thanks again!

Armando,

Also, I have heard that this is the regex to match Skype:

[^(\n|\r)]+Skype/i

jowolfer
Level 1
Level 1

I recommend getting a packet capture to see exactly what User-agent Skype is using. I wouldn't be surprised if Skype changed to something else or found another way out to the internet.

Skype is incredibly elusive and is extremely difficult to block without inline mode and deep packet inspection.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: