
Re: skype over a proxy

  • michael.hendrickx
    Message 1 of 17 , Aug 1, 2007
      > [1]
      http://www.cisco.com/en/US/products/ps6723/products_white_paper0900aecd80633b0a.shtml

      Thank you for that link, I didn't know Skype had a fixed value when it
      connected..

      http://www.securityfocus.com/infocus/1531 tells you how you can filter
      for strings in your payload, but you need to enable string support in
      IPTables. I guess you could trap for that 0x17030100 word then.

      --
      mh
    • michael.hendrickx
      Message 2 of 17 , Aug 1, 2007
        I stand corrected - "--hex-string" is the one :)

        iptables -A INPUT -p tcp -m string --algo bm --hex-string "|00 11 22 33 44 |" -j DROP

        --
        mh
        www.code.ae

        "They call it an en-core"
      • Brad Campbell
        Message 3 of 17 , Aug 1, 2007
          michael.hendrickx wrote:
          >> [1]
          > http://www.cisco.com/en/US/products/ps6723/products_white_paper0900aecd80633b0a.shtml
          >
          > Thank you for that link, I didn't know Skype had a fixed value when it
          > connected..

          The issue here is this is exactly what Etisalat is doing, along with what appears to be random and
          sporadic munging of the actual voice traffic (which is much, much harder to classify).

          So, we can still solve the blocking of login packets by just specifying a proxy server in the Skype
          config, but we can't force, route or drop Skype voice traffic, which is what is needed to get it to
          route _everything_ over the VPN, thus my hack of iptables and a separate user for Skype.

          Really interesting read Manu, ta :)

          Brad
          --
          "Human beings, who are almost unique in having the ability
          to learn from the experience of others, are also remarkable
          for their apparent disinclination to do so." -- Douglas Adams
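
An added example, not code from anyone in this thread: the `--hex-string` rule posted above matches its bytes anywhere in the packet, so this sketch separates a hit at the start of the TCP payload from a hit elsewhere for the 0x17030100 word mentioned in the first message. It assumes the fixed value sits at the very start of the payload; `tcp_payload`, `classify` and `build_packet` are hypothetical names, and the sample packets are constructed.

```python
import struct

# The word quoted in the thread. These four bytes are also how a TLS 1.0
# application-data record header begins (type 0x17, version 0x0301, length < 256),
# so a bare match is not proof of one particular client.
MARKER = bytes.fromhex("17030100")


def tcp_payload(packet: bytes) -> bytes:
    """Return the TCP payload of a raw IPv4 packet, or b'' if it is not IPv4/TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return b""
    ihl = (packet[0] & 0x0F) * 4                 # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 20:
        return b""
    total_len = struct.unpack("!H", packet[2:4])[0]
    data_off = (packet[ihl + 12] >> 4) * 4       # TCP header length in bytes
    if data_off < 20:
        return b""
    return packet[ihl + data_off:min(total_len, len(packet))]


def classify(packet: bytes) -> str:
    """'anchored' if the payload starts with MARKER, 'substring-only' if the bytes
    merely occur somewhere in the packet (a whole-packet string match would still
    fire), otherwise 'no-match'."""
    if tcp_payload(packet).startswith(MARKER):
        return "anchored"
    if MARKER in packet:
        return "substring-only"
    return "no-match"


def build_packet(payload: bytes) -> bytes:
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


if __name__ == "__main__":
    samples = {
        "marker first": build_packet(MARKER + bytes(16)),
        "marker mid-stream": build_packet(bytes(10) + MARKER + bytes(5)),
        "unrelated": build_packet(b"hello"),
    }
    for name, pkt in samples.items():
        print(f"{name}: {classify(pkt)}")
```

Packets that come back as "substring-only" are the false positives a whole-packet match would drop along with the intended traffic.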