We have a full Smoothie box and are suffering from a handful of Mac users getting through with Skype. It seems that no matter what we do (minimum of ports open, skype.com blocked in Guardian), Skype gets through and hogs bandwidth.
Is there anything we can do, or is a Skype-specific block coming (similar to the Block Kazaa etc. facility)?
Skype will tunnel over SSL. To block it properly you need to do packet inspection using the IPS (basically Snort) functionality built into Smoothwall.
I just had a quick look in ours and there isn't a default for Skype that I can see. You can either look on sourcefire for a signature, write your own or ask the SW guys for a helping hand. (Pick option 3 first if you're at all unsure).
There will be a performance impact, possibly a significant one, depending on your hardware. We use a span port and a separate Snort box so we don't impact browsing.
Also remember to beat them with your aup. You could also rate-limit the offenders.
Try blocking https connects to a bare IP in guardian (its a "special" class in policy table) - that, along with sufficiently tight port rules should do it ok.
Thanks, Tom. I've implemented that and will test with various flavours of Windows and Apple Skype.
Success! I've added the filter "HTTPS URLs containing an IP address" for All Groups, Always, Block and it stops Skype from connecting. Many thanks, Tom.
Heh, sometimes I amaze even myself
Martin... i'm thinking we communicated by email in less enlightened days.. are you the Martin from Ascot who's been with Smoothwall for.. next to forever.. and who works at a school with a saint's name?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
