Skype bypasses proxy

On Sat, 29 Oct 2005 18:35:25 +0100, JC <nospam@nospam.comm> wrote:

>On Sat, 29 Oct 2005 01:38:56 +0100, "Ivor Jones"
><ivor@despammed.invalid> wrote:
>
>>> Ummm, it's how the internet works, rightly or wrongly.
>>> Anyone can (potentially) send traffic to anyone else,
>>> even unwanted traffic.
>>
>>Via my system, when it's not running..? Now that's what I call clever.
>
>If there's something connected to a line (such as a powered on router)
>then potentially yes, though it would take a security hole or
>incorrect config to enable you to be used as a third party relay.
>
>With a PC connected and proprietary software such as Skype installed
>anything's possible.
>
>Rgds
>Jonathan

I have it in the task bar and every now and then it changes briefly to
the "away" symbol, then turns back again. What does that, any ideas?

BB
--
www.kruse.co.uk/ seo@kruse.demon.co.uk
Elvis does my SEO

"Big Bill" <kruse@cityscape.co.uk> wrote in message
news:k7m7m1dc2g2c84381mat8n6okrfo86asg4@4ax.com

[snip]

> I have it in the task bar and every now and then it
> changes briefly to the "away" symbol, then turns back
> again. What does that, any ideas?

It just tells people who have you in their contact list that you haven't
used the keyboard or mouse for a while and so may not be at the computer
to receive a call. If you move the mouse or touch the keyboard it changes
back to online. It's just an activity (or lack of it) indicator. Yahoo IM
has the same thing. I think the delay is user-settable but I've never
checked.

Ivor

On Sat, 29 Oct 2005, hairydog@despammed.com wrote:

> On Sat, 29 Oct 2005 16:01:15 +0100, "Alan J. Flavell"
> <flavell@ph.gla.ac.uk> wrote:
>
> >Indeed. But if, for example, you're on a university campus and
> >connected to their network, then you'd have no authority to "sell-on"
> >the campus resources in this way.
>
> That's not Skype's fault.

Who suggested that it was? I merely noted that their terms and
conditions are incompatible with a supplier whose terms of reference
don't allow this kind of usage.

> However, if it is affecting your university's connectivity,

By no means. Due to the excellent network connectivity, a single user
node on campus seemed - in one incident that we heard about - to have
turned itself into a major Skype switching centre, carrying traffic
from thousands of different IP addresses, and setting off network
security alarms which are designed to react to hosts which have been
compromised and are being exploited.

> perhaps there is a serious problem somewhere.

The fact is, the end users really *don't* have any legal right to
consent to the university's network being used in that way by a third
party or parties. That's the "serious" problem.

On Sat, 29 Oct 2005 23:12:57 +0100, "Ivor Jones"
<ivor@despammed.invalid> wrote:

>
>
>"Big Bill" <kruse@cityscape.co.uk> wrote in message
>news:k7m7m1dc2g2c84381mat8n6okrfo86asg4@4ax.com
>
>[snip]
>
>> I have it in the task bar and every now and then it
>> changes briefly to the "away" symbol, then turns back
>> again. What does that, any ideas?
>
>It just tells people who have you in their contact list that you haven't
>used the keyboard or mouse for a while and so may not be at the computer
>to receive a call. If you move the mouse or touch the keyboard it changes
>back to online. It's just an activity (or lack of it) indicator. Yahoo IM
>has the same thing. I think the delay is user-settable but I've never
>checked.
>
>Ivor
>

Ta.

BB
--
www.kruse.co.uk/ seo@kruse.demon.co.uk
Elvis does my SEO

In article <Pine.LNX.4.62.0510292309320.1765@ppepc56.ph.gla.a c.uk>,
"Alan J. Flavell" <flavell@ph.gla.ac.uk> writes:
> By no means. Due to the excellent network connectivity, a single user
> node on campus seemed - in one incident that we heard about - to have
> turned itself into a major Skype switching centre, carrying traffic
> from thousands of different IP addresses, and setting off network
> security alarms which are designed to react to hosts which have been
> compromised and are being exploited.

I've had the same issue at home. Visitors used to get real IP
addresses when they connected up their laptops. I found my DSL
line was getting hammered by what I though was virus traffic
initially, but turned out to be skype. I moved the visitor
connections onto a 192.168.x.0 network with much outgoing also
blocked in the firewall, and that reduced the problem.
I hadn't realised until I read the PDF paper referred to
earlier in the thread that the real IP addresses could also
have been a significant contributor to the issue.

--
Andrew Gabriel

On Sun, 30 Oct 2005, Andrew Gabriel wrote:

> I've had the same issue at home. Visitors used to get real IP
> addresses when they connected up their laptops. I found my DSL
> line was getting hammered by what I though was virus traffic
> initially, but turned out to be skype.

Just so - that's what seems to have set off the reported network
alarms here. It's most unusual for an individual node to be
communicating with thousands of different external IPs under normal
circumstances in a relatively short period of time, and it looks,
prima facie, as if the node has been compromised and is attacking the
rest of the Internet. At least in the kind of environment we're
accustomed to.

> I moved the visitor connections onto a 192.168.x.0 network with much
> outgoing also blocked in the firewall, and that reduced the problem.
> I hadn't realised until I read the PDF paper referred to

http://arxiv.org/ftp/cs/papers/0412/0412017.pdf

> earlier in the thread that the real IP addresses could also
> have been a significant contributor to the issue.

Quite. As I read it, it says that any node with a public IP address
could become a "super" node, at the discretion of the software itself,
and in section 4.5 it says that media traffic between certain kinds of
NAT-ed node would be passed via a proxy process at a node with a
public IP address.

IINM that means that by participating with a public IP address you're
not only liable to be used for control and administrative traffic, but
also as a media relay (proxy).

As hairydog said, it's not unreasonable to grant the use of some of
your own resources in exchange for getting a service; the flip side
here is that when the resources aren't your own, you've no right to
give them away. In that sense, your visitors were (inadvertently)
doing much the same.

best

viperdudeuk@gmail.com <viperdudeuk@gmail.com> wrote:
> No calls are *ALWAYS* from point A to B direct. However the presence
> and registration traffic can go via supernodes.

Unfortunately you are wrong. Skype is built on the same technology and
ideas as used by Kazaa, Gnutella, and other P2P applications. I believe
the phrase is that these protocols allow data to "go through firewalls
like a hot knife through butter".

There are certain firewall combinations that mean it is not possible for
traffic to flow directly between two peers. If one of these peers tries
to make a call to the other it would ordinarily fail. Skype handles this
transparently by routing the traffic via a third party.

A good explanation of the principles behind this can be found via
http://www.wikipedia.org/wiki/NAT.

Chris

viperdudeuk@gmail.com <viperdudeuk@gmail.com> wrote:
> Check your facts:
> 1, Calls are direct A -> B

No, they're not always. Read my other post for some pointers to reasons
why not.

Chris