Skype-Blocking Whack-a-Mole Continues

from the that-pesky-competition dept

Mon, Dec 11th 2006 7:36pm — Karl Bode

Blocking disguised data from disruptive applications is a little like trying to hold back a river with a pine cone, and trying to block Skype is certainly the new black. Whether you're a repressive government looking to protect the interests of your state-run phone company, a University or company worried about security holes or bandwidth use, or you're a government annoyed that you're not getting the appropriate kickbacks, there's a growing number of hardware vendors now building gear specifically aimed at blocking Skype for you. The people that build these solutions had already stated that Skype was hard to detect and block, and apparently these companies are having even more trouble detecting the latest version released just a few weeks ago. The continuing game of cat and mouse is familiar to those watching ISPs trying to contain BitTorrent traffic. The easiest way for corporations or colleges to control Skype is to ban the executable from running on the desktop. For countries however this will be a neverending game of whack-a-mole. VoIP is simply data, and data can always be disguised - something Skype engineers seem to be getting better at with each incarnation.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

14 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

qyiet, 11 Dec 2006 @ 8:23pm

The odd thing is
I have the same problem these hardware vendors do, but for the opposite reason.

I want to give skype a high priority on my network (it being real time data and all), but it's so hard to pin down the traffic I can't isolate it.

If anyone has any ideas, please post a link.
[ link to this | view in chronology ]
- Anonymous Coward, 12 Dec 2006 @ 6:48am
  
  Re: The odd thing is
  One word - VLAN
  [ link to this | view in chronology ]
The Swiss Cheese Monster, 11 Dec 2006 @ 8:34pm

Banning the Executable?
Maybe on school owned comptuers that would work, but what about ones that the students bring to school with them? That might be more difficult.

I suppose if each college created an application that had to be running for any student to gain network access, an application that would stop any offending applications or services from running on student computers - that might do the trick. But what about the old trick of renaming an executable to bypass run restrictions?

I haven't tried doing that in a long time, I wonder if many of today's applications would still run if you rename the exe file that starts it?
[ link to this | view in chronology ]
- Lincoln, 11 Dec 2006 @ 8:47pm
  
  Re: Banning the Executable?
  I would expect the applications to still work. If you try renaming applications that the main exe depends on, then things could get a little wacky.
  
  Applications could also be blocked by md5 hash, nullifying the renaming trick. This would still be playing whack-a-mole, since program updates will change the hash.
  [ link to this | view in chronology ]
  - Anonymous Coward, 11 Dec 2006 @ 9:17pm
    
    Banning the Executable
    Calculating MD5 hashes for every application someone runs is time-consuming and unnecessary - you can also force an EXE to open up in notepad, add some random letter to the end of it and save it, and run your "new" program that will fail the MD5 check.
    
    Just have the program shut down any process with the name "skype" or whatever every couple seconds.
    [ link to this | view in chronology ]
Crimsondestroyer, 11 Dec 2006 @ 10:47pm

RE: Banning the Executable
Yeah this is a great way to stop Skype, because every time I hook my PC up to a network I want the network to have full access to it.
[ link to this | view in chronology ]
BrutalKanoodle, 12 Dec 2006 @ 12:09am

MMMMMMMM
My firewall says skype packets are tasty
[ link to this | view in chronology ]
RedMatrix, 12 Dec 2006 @ 4:31am

Skype Rules
I don't know what these companies are trying to do here. It's like a hand full of sand, the tighter you squeeze, the less you can contain.
[ link to this | view in chronology ]
Anonymous Coward, 12 Dec 2006 @ 12:38pm

another one word: latency.

Ok, I'll explain it a little further: make your router inserting small random delays between packets. They'll be unnoticeable for web surfers, but experience of those who use traffic-consuming applications from Skype to YouTube will be less than pleasant.

Most (if not all) those ad-hoc programs that hunt down specific applications are rather easy to fool / stop.
If it's traffic that hurts, you'll need to target it, not the applications that can be run all the different ways, some of which can be just out of your control.

Or, if you're so concerned, make it impossible to run *any* new apps, including those come as ActiveX controls, browser plugins, etc, etc. And disable all the USB ports. And the Remote Desktop. And ... oh, my ;)
[ link to this | view in chronology ]
Solo, 12 Dec 2006 @ 2:29pm

http tunnel all the way!
[ link to this | view in chronology ]
Brad, 12 Dec 2006 @ 5:30pm

the problem with skype is that it takes over pcs
We found that SKype would rapidly take over any pc with a fixed ip, and use it to connect up other skype users who were behind routers. It did routwe the packets thru us, but it would have 500 connections going at once. The only way to stop it was to kill skype and start it over, and then after a day or so it would start doing it again.
[ link to this | view in chronology ]
|333173|3|_||3, 12 Dec 2006 @ 9:47pm

Hopeless
Blocking the Exe is hopeless, since the renaming trick does work for several games, including ones which have a large number of seperate processes running. THe md5 hash can be easily changed by adding a few bytes tot he end of the file, and it would even be possible to do this without taking up any extra disk space if you knew how large your sectors were.
[ link to this | view in chronology ]
john richards, 25 Dec 2006 @ 2:00am

companies already block skype with opensource soft
there is a widely used skype and P2P blocking solution in opensource.
check this link http://www.lynanda.com/products/software-for-corporations/traffic-filtering
I've heard that this solution is what companies use to forbid skype within their network. China is suspected to use this or a derivative
I think that providing that kind of censorship technology is in total contradiction with the opensource philosophy. Some people suspect Skype to be at the origin of this blocking initiative, for political reasons.
[ link to this | view in chronology ]
Zack, 1 May 2007 @ 11:18pm

... and with payware too
That's right John, and there are also companies, even governments, that are using corporate firewall systems to block skype: http://voiptelephonyservice.blogspot.com/2006/10/block-skype-hype.html
#1 on the list is reportedly the one that China Telecom has used.
[ link to this | view in chronology ]