https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873436#M85355 <HTML><HEAD></HEAD><BODY><P>I think in order to completely block skype you need a combination of IPS, Firewall and Proxy (for ssl).</P><P>Because it is a very dynamic application that tries different method to connect(udp, http, https).</P><P></P><P>-hamid</P></BODY></HTML> Wed, 14 Nov 2007 23:59:02 GMT azoulflak 2007-11-14T23:59:02Z https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873432#M85345 <P>I want rto block skype traffic at all.</P><P></P><P>I have a choice of:</P><P>- Cisco router (870, which should handle Flexible Packet Matching)</P><P>- Cisco switch (cat6500 - sup720 and sup32 NOT PISA EQUIPPED)</P><P>- Cisco ASA 5520 (Modular Policy Framework)</P><P></P><P>Been playing with 870 and FPM at first, but it seem not to block newer (3.x) skype releases (TAC case is active).</P><P></P><P>Any Idea/hint?</P><P></P><P></P><P></P> Sun, 10 Mar 2019 10:51:44 GMT https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873432#M85345 ibrunello 2019-03-10T10:51:44Z https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873433#M85347 <HTML><HEAD></HEAD><BODY><P>It involves configuring policies and applying it to a interface.</P><P><A class="jive-link-custom" href="http://ciscotips.wordpress.com/2006/06/07/how-to-block-skype/" target="_blank">http://ciscotips.wordpress.com/2006/06/07/how-to-block-skype/</A></P></BODY></HTML> Tue, 13 Nov 2007 14:59:35 GMT https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873433#M85347 irisrios 2007-11-13T14:59:35Z https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873434#M85349 <HTML><HEAD></HEAD><BODY><P>The last time I checked, NBAR can only recognize Skype v1.0, not the latest version which I believe is 3.0. Although I have my gripes about NBAR (quite often it just matches traffic on the source/destination port, and doesn't actually match on the payload. Kazaa is a good example), I think this is an issue with the way Skype is purposefully encrypting itself in order to evade detection.</P><P></P><P>For a while our IPS sensors were firing on the "OpenSSL TLS Malformed Handshake DoS" signature, and we concluded that was part of the initial Skype handshake. </P><P></P><P>Good luck</P></BODY></HTML> Wed, 14 Nov 2007 19:42:02 GMT https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873434#M85349 clausonna 2007-11-14T19:42:02Z https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873435#M85352 <HTML><HEAD></HEAD><BODY><P>Yes, Cisco states that skype NBAR only supports "skype version 1.4"</P><P></P><P>Checking for malformed HTTPS was something I though about; maybe will work out a solution, and post here...</P><P>Thank you for the hint.</P></BODY></HTML> Wed, 14 Nov 2007 22:19:16 GMT https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873435#M85352 ibrunello 2007-11-14T22:19:16Z https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873436#M85355 <HTML><HEAD></HEAD><BODY><P>I think in order to completely block skype you need a combination of IPS, Firewall and Proxy (for ssl).</P><P>Because it is a very dynamic application that tries different method to connect(udp, http, https).</P><P></P><P>-hamid</P></BODY></HTML> Wed, 14 Nov 2007 23:59:02 GMT https://community.cisco.com/t5/network-security/preventing-skype-traffic/m-p/873436#M85355 azoulflak 2007-11-14T23:59:02Z