OpenBSD Journal

Blocking Skype with OpenBSD and squid

Contributed by dhartmei on from the delicious-press dept.

In an article titled "Net telephony blocked in number crunch", Sam Varghese writes on The Age:

"A systems administrator in the United Arab Emirates has come up with a simple method to prevent a popular internet telephony program from being used."

The technical audience will find more details in Wael Ghandour's original post on the Full-Disclosure mailing list, but Sam's article contains this nice quote:

"I chose OpenBSD as my platform of implementation for various reasons, most important of which would be its rock-hard stability and excellent security record over the years," Mr Ghandour said. "The bug-audit process of the OpenBSD team is second to none, and the releases are timely and packed with great features."



  1. By Anonymous Coward () on

    Using OpenBSD: Good.

    Using OpenBSD for evil purposes: Bad. :(

    1. By corentin () on

      Quoting Theo:

      "But software which OpenBSD uses and redistributes must be free to all (be they people or companies), for any purpose they wish to use it, including modification, use, peeing on, or even integration into baby mulching machines or atomic bombs to be dropped on Australia."

      ;-)

      1. By Jason Crawford () jasonrcrawford@gmail.com on

        However some would say baby mulching machines are not evil. Although really they should be stupid parent mulching machines...

        1. By Anonymous Pedophile () on

          Where else would we get baby oil?

          1. By Anonymous Pedovore () on

            Or Kids Menus.

    2. By m0rf () on

      What's wrong with blocking Skype?

      It uses your bandwidth even when you're not on a call, the basic p2p model of "sharing". It also uses various methods to get around firewalls using http/https, "CONNECT", etc.

      Blocking Skype is a good thing.

      1. By Anonymous Coward () on

        I'm not sure about your blanket statement that "Blocking Skype is a good thing." but I have to say that IMHO it's the company's bandwidth and they should be able to do what the hell they want with it. If the employees don't like it then they should quit whining and do something about it (i.e. work for somebody else or start their own business).

        1. By jum () on

          I would say that Skype should not be commonly used because of its black-box design.

          No source code, no way to know where/how data travel, and I dislike
          programs trying to find open ports, apart from some basic audits.
          We have open source projects for voice over IP, we have nice security
          mechanisms. So I just see Skype as another m$n-kind.

      2. By Anonymous Coward () on

        Did you know I'm a stupid stupid faggot?

    3. By Lars Hansson () lars@unet.net.ph on

      Eh, evil? The company is paying for the bandwidth so they make the policies. If you don't like it you're free to quit and work somewhere else.

      1. By sthen () on

        I think, in the case of the UAE (and some other countries), it's the government that's making the policies about use of VoIP.

        1. By corentin () on

          According to Reporters Without Borders, Skype is not the only thing being filtered in the UAE...
          http://www.rsf.org/article.php3?id_article=10769

          1. By Anonymous Coward () on

            Skype is banned from Research and Education Ministry networks in France (because of the blackbox design as Jum said).

            1. By corentin () on

              Yep, for network security reasons. It would be a real shame to plug a hole in the otherwise extremely secure French university networks ;-)

              1. By jum () on

                Well, I think the danger is having everyone using
                this Skype program... hey, but what does it do really?
                I already see m$ systems deployed everywhere as a nice
                trojan horse for companies.
                Remember Intel and its ID privacy problem?
                This is more a question of freedom than security.
                One system to govern all of them... (sounds scary :-)

  2. By m0rf () on

    Wow, someone modded that up.

  3. By Anonymous Coward () on

    What a load of rubbish.

    For those that don't want to read it (it's not worth it), here is the summary:

    "Using squid, we blocked all HTTP CONNECT requests to numeric IPs".

    1. By Anonymous Coward () on

      Not everyone is as gifted as yourself: some things are not that obvious to everyone. Leave it to others to judge whether it's a load of rubbish or not. And congrats, you can read and summarize :-)

    2. By Anonymous Coward () on

      Yes, this is true. And what's worse, I think there's an option in the squid.conf that makes his whole regular-expression match of an IP address worthless; a function that allows you to block anything that isn't a request for a dns name.

      Yet another "wonderful" write up on a trivial task. What's next? "HOWTO: measuring relative network latency between my host and another host on the Internet using ping.exe?"
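The rule summarized in this thread (deny HTTP CONNECT requests whose destination is a numeric IP rather than a DNS name) can be audited against proxy logs before or after it is enforced. The following is an added example, not code from the original post or from squid: it assumes Squid's native access.log field order, the log lines are constructed, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample lines (not real traffic) in Squid's native access.log order:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1108000000.101    310 10.0.0.21 TCP_MISS/200 4312 CONNECT mail.example.com:443 - DIRECT/192.0.2.10 -
1108000001.202     95 10.0.0.34 TCP_MISS/200 1820 CONNECT 198.51.100.77:443 - DIRECT/198.51.100.77 -
1108000002.303     12 10.0.0.34 TCP_MISS/200  912 GET http://203.0.113.5/index.html - DIRECT/203.0.113.5 text/html
1108000003.404     88 10.0.0.52 TCP_MISS/200 2048 CONNECT [2001:db8::15]:443 - DIRECT/2001:db8::15 -
1108000004.505     40 10.0.0.21 TCP_MISS/200  700 CONNECT 10.example.net:8443 - DIRECT/192.0.2.44 -
malformed line
"""

def target_host(target):
    """Return the host part of a CONNECT target: 'host:port' or '[v6]:port'."""
    if target.startswith("["):
        end = target.find("]")
        return target[1:end] if end != -1 else target
    return target.rsplit(":", 1)[0]

def is_ip_literal(host):
    """True when host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        # Names that merely start with digits (10.example.net) land here.
        return False

def matches_policy(method, url):
    """The rule from the summary: CONNECT whose destination is a numeric IP."""
    return method == "CONNECT" and is_ip_literal(target_host(url))

def audit(log_text):
    """Return (client, target) for every logged request the rule would match."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip malformed or truncated lines
        client, method, url = fields[2], fields[5], fields[6]
        if matches_policy(method, url):
            hits.append((client, url))
    return hits

if __name__ == "__main__":
    for client, target in audit(SAMPLE_LOG):
        print(f"{client} -> CONNECT {target}")
```

Parsing the host with `ipaddress` instead of a digit pattern keeps hostnames that begin with a number, and plain GET requests to IP addresses, out of the result.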

      1. By Anonymous Coward () on

        "A function in squid". That's a novelty. Perhaps a write-up on the basics of squid could be useful for those with the "functional" approach.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]