Blocking Skype with OpenBSD and squid

Contributed by dhartmei on 2005-11-17 from the delicious-press dept.

In an article titled Net telephony blocked in number crunch, Sam Varghese writes on The Age:

A systems administrator in the United Arab Emirates has come up with a simple method to prevent a popular internet telephony program from being used.

The technical audience will find more details in Wael Ghandour's original post on the Full-Disclosure mailing list, but Sam's article contains this nice quote:

"I chose OpenBSD as my platform of implementation for various reasons, most important of which would be its rock-hard stability and excellent security record over the years," Mr Ghandour said. "The bug-audit process of the OpenBSD team is second to none, and the releases are timely and packed with great features."

(Comments are closed)

Comments

By Anonymous Coward (207.171.180.101) on 2005-11-17 18:02

Using OpenBSD: Good.

Using OpenBSD for evil purposes: Bad. :(
Comments
1. By corentin (193.252.196.77) on 2005-11-17 18:08
  
  Quoting Theo :
  
  "But software which OpenBSD uses and redistributes must be free to all (be they people or companies), for any purpose they wish to use it, including modification, use, peeing on, or even integration into baby mulching machines or atomic bombs to be dropped on Australia."
  
  ;-)
  Comments
  1. By Jason Crawford (65.174.217.59) jasonrcrawford@gmail.com on 2005-11-17 18:20
    
    However some would say baby mulching machines are not evil. Although really they should be stupid parent mulching machines...
    
    Comments
    
    By Anonymous Pedophile (80.72.254.231) on 2005-11-19 13:36
    
    Where else would we get baby oil?
    
    Comments
    
    By Anonymous Pedovore (172.178.108.122) on 2005-11-21 14:55
    
    Or Kids Menus.
2. By m0rf (68.104.17.51) on 2005-11-17 18:35
  
  Whats wrong with blocking Skype?
  
  It uses your bandwidth even when you're not on a call, the basic p2p model of "sharing". It also uses various methods to get around firewalls using http/https, "CONNECT", etc.
  
  Blocking Skype is a good thing.
  Comments
  1. By Anonymous Coward (82.71.120.74) on 2005-11-17 19:51
    
    I'm not sure about your blanket statement that "Blocking Skype is a good thing." but I have to say that IMHO it's the companies bandwidth and they should be able to do what the hell they want with it. If the employees don't like it then they should quit whining and do something about it (i.e. work for somebody else or start their own business).
    
    Comments
    
    By jum (194.209.18.253) on 2005-11-18 13:59
    
    I would say that skype should not be commonly used because of its black-box design.
    
    no source code, no way to know where/how data travel, and I dislike
    programs trying to find open ports, apart from some basic audits.
    we have opensource projetcs for voice over ip, we have nice security
    mechanisms. so I just see skype as another m$n-kind.
  2. By Anonymous Coward (24.207.218.168) on 2006-02-26 06:27
    
    Did you know I'm a stupid stupid faggot?
3. By Lars Hansson (203.65.245.7) lars@unet.net.ph on 2005-11-18 01:51
  
  Eh, evil? The company is paying for the bandwidth so they make the policies. If you dont like it you're free to quit and work somewhere else.
  Comments
  1. By sthen (81.168.66.226) on 2005-11-18 22:05
    
    I think, in the case of the UAE (and some other countries), it's the government that's making the policies about use of VoIP.
    
    Comments
    
    By corentin (81.56.152.193) on 2005-11-18 22:44
    
    According to Reporters Without Borders, Skype is not the only thing being filtered in the UAE...
    http://www.rsf.org/article.php3?id_article=10769
    
    Comments
    
    By Anonymous Coward (213.41.147.159) on 2005-11-19 10:37
    
    Skype is banned from Research and Education Ministry networks in France (because of the blackbox design as Jum said).
    
    Comments
    
    By corentin (81.56.152.193) on 2005-11-19 11:46
    
    Yep, for network security reasons. It would be a real shame to plug a hole in the otherwise extremely secure french university networks ;-)
    
    Comments
    
    By jum (62.210.96.105) on 2005-11-19 12:32
    
    well I think the danger is having everyone using
    this skype program.....hey but what does it do really?
    I already see m$ systems deployed everywhere as a nice
    trojan horse for companies.
    Remember Intel and his ID privacy problem?
    This is more a question of freedom than security.
    One system to govern all of them...(sounds scary :-)
4. By m0rf (68.104.17.51) on 2005-11-21 20:33
  
  http://ct.enews.eweek.com/rd/cts?d=186-2835-22-82-102832-327741-0-0-0-1
  
  "Officials at Skype Technologies S.A., maker of the popular VOIP (voice over IP) tool, admit that their technology is not designed to be an enterprise-grade tool and say that IT administrators are free to block its use if they are concerned."
By m0rf (68.104.17.51) on 2005-11-19 21:16

wow someone modded that up.
By Anonymous Coward (213.164.3.90) on 2005-11-25 13:22

What a load of rubbish.

For those that don't want to read it (it's not worth it), here is the summary:

"Using squid, we blocked all HTTP CONNECT requests to numberic ips".
Comments
1. By Anonymous Coward (80.227.59.25) on 2005-11-25 14:10
  
  Not everyone is as gifted as yourself : some things are not that obvious to everyone. Leave it to others to judge whether it's a load of rubbish or not. And congrats, you can read and summarize :-)
2. By Anonymous Coward (68.106.232.57) on 2005-11-26 03:59
  
  Yes, this is true. And what's worse, I think there's an option in the squid.conf that makes his whole regular-expression match of an IP address worthless; a function that allows you to block anything that isn't a request for a dns name.
  
  Yet another "wonderful" write up on a trivial task. What's next? "HOWTO: measuring relative network latency between my host and another host on the Internet using ping.exe?"
  Comments
  1. By Anonymous Coward (195.229.242.53) on 2005-11-26 07:14
    
    "A function in squid". That's a novelty. Perhaps a write-up on the basics of squid could be useful for those with the "functional" approach.

Latest Articles

Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (12)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)
Fri, Mar 08
- 06:46 OpenBGPD 8.4 released (0)
Mon, Mar 04
- 06:32 rpki-client 9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]