Wednesday, 01 December 2010

Blocking Skype Using Squid and CentOS

Background: This basic write-up will not examine the operation of Skype in depth, but will quickly go over the main challenges of blocking this application. As already mentioned, the points below describe how Skype works but are not a comprehensive analysis of its behavior:


  • Skype will initially try to contact supernodes, whose IPs are stored in one of the files installed along with Skype. This first method of contact is direct. The source ports that Skype attempts to connect from are non-standard ports. From my observations, I can see that source UDP port 1247 is used for the initial control channel. Once the connection is established, the rest of the communication is done over TCP from a non-standard source port in the range 2940-3000. In general, every company that is serious about its security policy has tight egress filtering rules, which makes the non-default source/destination ports that Skype uses irrelevant, because they are blocked as well.

  • If the above fails, Skype will use the proxy server specified in Internet Explorer and try to tunnel its traffic over port 443 using the SSL protocol. The destination IP is, of course, random as described above, which makes blocking by destination out of the question. The only option would be to block SSL, which is not really a solution, since you would end up blocking all legitimate SSL use. Removing the proxy settings would also prevent Skype users from connecting. However, this would leave users without Internet access. Even if the user has no proxy settings and proxying is done transparently (it must proxy both HTTP and HTTPS traffic), Skype's SSL traffic goes through the transparent proxy as well, which puts us back to square one.




The access list further specifies the connection method that the client
is using. In Squid, the 'CONNECT' method is conveniently called 'CONNECT' as well.
The access list then takes the following form:
# Your acl definitions
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl connect method CONNECT
# Apply your acls
http_access deny connect numeric_IPs all
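
To see which clients the rule above would affect before enforcing it, the following added example (not part of the original post) applies the same regular expression to CONNECT targets in Squid's native access.log format. The log lines are constructed samples, the function names are hypothetical, and matching against the logged host:port string is an assumption about how closely the log mirrors what the acl sees.

```python
import re
from collections import Counter

# Same pattern as the page's numeric_IPs acl, applied here to the CONNECT target.
NUMERIC_IP = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1291190401.101    812 10.0.0.15 TCP_MISS/200 3921 CONNECT 203.0.113.77:443 - DIRECT/203.0.113.77 -
1291190402.310    154 10.0.0.22 TCP_MISS/200 5120 CONNECT mail.example.com:443 - DIRECT/198.51.100.9 -
1291190403.007     90 10.0.0.15 TCP_MISS/200 1408 CONNECT 198.51.100.200:443 - DIRECT/198.51.100.200 -
1291190404.550     35 10.0.0.31 TCP_MISS/200 9876 GET http://192.0.2.10/index.html - DIRECT/192.0.2.10 text/html
truncated line
"""


def connects_to_numeric_ips(log_text):
    """Return (client, target) for each CONNECT whose target starts with an IPv4 literal."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip malformed or truncated lines
        client, method, target = fields[2], fields[5], fields[6]
        # Mirrors "http_access deny connect numeric_IPs": both conditions must hold.
        if method == "CONNECT" and NUMERIC_IP.match(target):
            hits.append((client, target))
    return hits


def hits_per_client(log_text):
    """Count matching CONNECT requests per client address."""
    return Counter(client for client, _ in connects_to_numeric_ips(log_text))


if __name__ == "__main__":
    for client, count in hits_per_client(SAMPLE_LOG).most_common():
        print(f"{client}\t{count} CONNECT request(s) to numeric IPs")
```

Clients that show up here for reasons other than Skype are the ones that would need an exception placed ahead of the deny rule.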



