Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Custom user agent to block Skype

Hello Ironportians,

I was wondering if any of you has info about the Custom User Agent that can be used to block Skype. Furthermore, I'd like to know if someone has tried blocking this application accross the WSA and if there's any piece of advice you can share.

Thanks in advance!

5 REPLIES
New Member

Re: Custom user agent to block Skype

Armando,

We are working on ways to better block Skype. Here is some information I can share about Skype.

The problem with skype is that among opening random TCP/UDP ports it also listens to activity on ports 80 and 443. Therefore blocking skype is not possible unless we resort to "deep-packet" inspection, which is something that we don't currently do.

There is an excellent presentation here on reverse-engineering Skype, which might help you with some more information with how this application works.

http://www.secdev.org/conf/skype_BHEU06.handout.pdf

New Member

Re: Custom user agent to block Skype

Armando,

Also, I have heard that this is the regex to match Skype:

[^(\n|\r)]+Skype/i

Many thanks

Thanks indeed

Re: Custom user agent to block Skype

Hello,

Thanks for your reply. Can you let me know exactly where can I place this string? I've tried placing it under custom user agents to be blocked, but no luck. Thanks again!

Armando,

Also, I have heard that this is the regex to match Skype:

[^(\n|\r)]+Skype/i

New Member

Re: Custom user agent to block Skype

I recommend getting a packet capture to see exactly what User-agent Skype is using. I wouldn't be surprised if Skype changed to something else or found another way out to the internet.

Skype is incredibly elusive and is extremely difficult to block without inline mode and deep packet inspection.

1735
Views
0
Helpful
5
Replies