Internet Related/Filtering/Firewall Thread, Blocking Skype with Smoothwall in Technical; We have a full Smoothie box and are suffering from a handful of Mac users getting through with Skype. It ...
9th June 2010, 06:40 PM #1
Blocking Skype with Smoothwall
We have a full Smoothie box and are suffering from a handful of Mac users getting through with Skype. It seems that no matter what we do (minimum of ports open, skype.com blocked in Guardian), Skype gets through and hogs bandwidth.
Is there anything we can do, or is a Skype-specific block coming (similar to the Block Kazaa etc. facility)?
IDG Tech News
9th June 2010, 07:17 PM #2
Skype will tunnel over SSL. To block it properly you need to do packet inspection using the IPS (basically Snort) functionality built into Smoothwall.
I just had a quick look in ours and there isn't a default for Skype that I can see. You can either look on sourcefire for a signature, write your own or ask the SW guys for a helping hand. (Pick option 3 first if you're at all unsure).
There will be a performance impact, possibly a significant one, depending on your hardware. We use a span port and a separate Snort box so we don't impact browsing.
Also remember to beat them with your aup. You could also rate-limit the offenders.
9th June 2010, 08:43 PM #3
Try blocking https connects to a bare IP in guardian (its a "special" class in policy table) - that, along with sufficiently tight port rules should do it ok.
10th June 2010, 12:25 PM #4
Thanks, Tom. I've implemented that and will test with various flavours of Windows and Apple Skype.
10th June 2010, 02:01 PM #5
Success! I've added the filter "HTTPS URLs containing an IP address" for All Groups, Always, Block and it stops Skype from connecting. Many thanks, Tom.
10th June 2010, 02:57 PM #6
Heh, sometimes I amaze even myself
Martin... i'm thinking we communicated by email in less enlightened days.. are you the Martin from Ascot who's been with Smoothwall for.. next to forever.. and who works at a school with a saint's name?
By tinhnt in forum Internet Related/Filtering/Firewall
Last Post: 27th June 2010, 05:06 AM
By cookie_monster in forum Network and Classroom Management
Last Post: 22nd January 2010, 01:14 PM
By Gatt in forum Internet Related/Filtering/Firewall
Last Post: 10th November 2009, 11:22 AM
By ssiruuk2 in forum Internet Related/Filtering/Firewall
Last Post: 9th March 2009, 11:43 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread