Tuesday, 30 May 2017

Block Skype connections

There is a popular belief that Skype client is very hard to block on the network layer, due to it’s Peer-To-Peer behavior and usage of HTTP/S ports.
Block Skype client
However at present time (December, 2012) Skype client connections can be blocked pretty simply by a few firewall rules.
After startup, Skype client receives a number of it’s master (login?) servers – dsnX.d.skype.net. Currently there are 16 DNS entries from dsn0.d.skype.net to dsn16.dsn.skype.net.
Using simple bash script (uses Linux DNS utility – dig) we can get most of these server’s IP addresses:

Just block all access to following networks and Skype client won’t be able to authenticate and connect.
111.221.74.0/24
111.221.77.0/24
157.55.130.0/24
157.55.235.0/24
157.55.56.0/24
157.56.52.0/24
213.199.179.0/24
64.4.23.0/24
65.55.223.0/24
For Linux router, with IPtables firewall, you may use following command:
for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A OUTPUT -d $ip -j DROP; done

No comments:

Post a Comment