Monday, November 28, 2005

Blocking Skype Using Squid

Over at Help Net Security's web site they have a fancy 3 page PDF available for download that details how you can go about blocking Skype traffic from your lan. The document by 'rootn0de' ultimately says you can deny Skype's SSL tunneling behavior by have Squid block all CONNECT attempts that are specified by IP instead of by hostname. Woot.

Quite the sophisticated technique. I'm glad I had to download a pdf document and read through to the last page to discover the magical technique. This is just the sort of crap that web publishers do that I hate so much, a 1 page, 1 paragraph teaser that exists solely to hold advertising waiting for the user to click through to download a nearly content-less PDF document.

On a related note, this is generally a good practice for organizations to employ given the fact that a legitimate web service is highly unlikely to use IP based URLs, the issue I have here is with the manner of content distribution being disproportionate to the value and substance of the message.

2 comments:

  1. [...] Paralipsis » Blog Archive » Blocking Skype Using Squid [...]

    ReplyDelete
  2. I did not try this but hope this should work. Skype can also be blocked on name base and port based.

    ReplyDelete