 SentinelPremium join:2001-02-07 Florida kudos:1 | Tighten up Skype? I am forced to use Skype and I am trying to tighten it up as much as I can while doing so. Any help is appreciated.
So far I have turned off its starting up with Windows. Also, I have my firewall set up to block all outgoing or incoming unless there is a specific rule. I created a rule for Skype to work but I would like to tighten it up.
So far I allow TCP only outbound for only the skype.exe. I would like to make it for only certain ports that it uses but I don't know the ports. Can anyone tell me what ports Skype needs to function so I can limit it to those?
Also, is there anything else I missed?
TIA |
|
 CudniLa Merma - VigiladoPremium,MVM join:2003-12-20 Someshire kudos:13 | Far too much work but maybe this »www.dedoimedo.com/computers/skyp···ove.html
Cudni |
|
 SentinelPremium join:2001-02-07 Florida kudos:1 | Thanks, but that does not have the ports that Skype uses in that article. Interesting but I don't care about the ads. I care more about security.
In my old firewall I could just block it, see what it did in my logs like what ports it used and which protocols, then make a rule allowing only that. But Windows has terrible logging that doesn't tell you much. |
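Added example, not part of the thread: the block-then-read-the-log approach described above can still be done with Windows Firewall by enabling "Log dropped packets" for the profile and summarising the resulting pfirewall.log. The sketch below parses that log layout and counts dropped outbound attempts per protocol and destination port; the log lines, addresses and port numbers are constructed samples, and because this field list carries no program name, it assumes the capture was taken while Skype was the only application being blocked.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (pfirewall.log).
# Addresses are documentation ranges and ports are made up, not real Skype data.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2013-05-01 10:15:02 DROP UDP 192.168.1.10 203.0.113.5 51820 33033 0 - - - - - - - SEND
2013-05-01 10:15:03 DROP UDP 192.168.1.10 198.51.100.7 51820 40012 0 - - - - - - - SEND
2013-05-01 10:15:05 DROP TCP 192.168.1.10 203.0.113.5 49213 33033 0 - 0 0 0 - - - SEND
2013-05-01 10:15:06 DROP TCP 192.168.1.10 198.51.100.7 49214 443 0 - 0 0 0 - - - SEND
2013-05-01 10:15:07 DROP TCP 192.168.1.10 198.51.100.9 49215 443 0 - 0 0 0 - - - SEND
2013-05-01 10:15:08 DROP TCP 192.168.1.10 198.51.100.7 49216 80 0 - 0 0 0 - - - SEND
2013-05-01 10:15:09 ALLOW TCP 192.168.1.10 192.0.2.20 49217 443 0 - 0 0 0 - - - SEND
2013-05-01 10:15:10 DROP UDP 198.51.100.30 192.168.1.10 40000 51820 0 - - - - - - - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def blocked_outbound(text):
    """Count dropped outbound attempts per (protocol, destination port)."""
    hits = Counter()
    for rec in parse_firewall_log(text):
        outbound_drop = rec["action"] == "DROP" and rec["path"] == "SEND"
        if outbound_drop and rec["dst-port"].isdigit():  # ICMP logs "-" here
            hits[(rec["protocol"], int(rec["dst-port"]))] += 1
    return hits


if __name__ == "__main__":
    for (proto, port), n in sorted(blocked_outbound(SAMPLE_LOG).items()):
        print(f"{proto:4} dst-port {port:<6} blocked {n}x")
```

Comparing the summary across several sessions shows whether the destination ports stay stable enough to pin in an outbound rule.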
|
 CudniLa Merma - VigiladoPremium,MVM join:2003-12-20 Someshire kudos:13 | reply to Sentinel see »support.skype.com/en/faq/FA148/w···-desktop
Cudni |
|
 SentinelPremium join:2001-02-07 Florida kudos:1 | I saw that setting but I guess I didn't understand it. It appears as though it does not use any particular port. What I get from that seems to be that you can set it to use whatever port you want it to use. If so then I guess I can set it to whatever I want and then set the firewall rule accordingly.
But that is for incoming it appears. I was wondering about outgoing too. Could it be that it uses the same port for both? |
|
 | reply to Sentinel
said by Sentinel: Can anyone tell me what ports Skype needs to function so I can limit it to those?
IIRC Skype's a REALLY sneaky b*stard when it comes to protocol(s) and port(s) it uses... short of using a packet sniffer to track on what it's opening up outbound, you're SOL, and then again I'm almost willing to bet the next skype session it'll use something completely different.
So far, "permitting what you need, denying the rest," can't go wrong with this config.
Regards |
|
 EGeezerGo CatsPremium join:2002-08-04 Midwest kudos:8 | reply to Sentinel
After reading the link and seeing the screenshot, it's clear that you can set an incoming fixed port number of your choice. I'd also disable UPnP and leave it off unless it disables any required Skype function.
Personally, I prefer to let Skype assign a random ephemeral port. That essentially makes it a moving target for port scanners.
I don't know if application filters on higher end IDS and firewall products can filter/pass the proprietary Skype protocols. Perhaps someone can help on that...
-- Buckle Up. It makes it harder for the aliens to suck you out of your car.
|
|
 SentinelPremium join:2001-02-07 Florida kudos:1 | Thanks. I did uncheck that UPnP box. Doesn't seem to do anything that I can see so I will leave it that way.
For now I just created a rule for it with no port defined but I disable it when I am not using Skype. I don't use it that often so hopefully this will be sufficient. |
|
 AVDRespice, Adspice, ProspicePremium join:2003-02-06 Onion, NJ kudos:1 | The email I use for Skype has apparently leaked out; use a throwaway email to sign up to the service.
-- * seek help if having trouble coping --Standard disclaimers apply.-- |
|
 Name GamePremium join:2002-07-07 North Myrtle Beach, SC kudos:7 | reply to Sentinel
Skype, when used with UPnP turned on (on both the router and in Skype), will not close open ports on exit. Skype uses UPnP to open a port in the router; it NEVER closes that port when Skype shuts down. This is quite a large security risk, and in most cases UPnP is not needed by Skype and can/should be disabled. There are a few cases where, due to network config, Skype will need UPnP as its only option to communicate to the client, but this is the exception and not the rule.
-- Gladiator Security Forum »www.gladiator-antivirus.com/
|
|
 DustynPremium join:2003-02-26 Ontario, CAN kudos:10 |
said by Name Game: Skype, when used with UPnP turned on (on both the router and in Skype), will not close open ports on exit. Skype uses UPnP to open a port in the router; it NEVER closes that port when Skype shuts down. This is quite a large security risk, and in most cases UPnP is not needed by Skype and can/should be disabled. There are a few cases where, due to network config, Skype will need UPnP as its only option to communicate to the client, but this is the exception and not the rule.
Is that because Skype is being terminated without closing out the program correctly? Or is the application not fully UPnP compatible? When an application is exited gracefully, those ports are then supposed to be closed. But I guess those programs aren't going to wait around forever for your router to respond that ports have been successfully closed.
-- Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP
|
|
 Name GamePremium join:2002-07-07 North Myrtle Beach, SC kudos:7 | »blogs.skype.com/garage/2008/04/u···s_b.html |
|
 CreerIT Security enthusiast join:2008-08-23 PL | reply to Sentinel
I'd also uncheck the "Use port 80 and 443 as alternatives for incoming connection" box. Skype uses this trick to bypass company/business network restrictions when ports other than the most common ones are closed by the administrator. |
|
 SentinelPremium join:2001-02-07 Florida kudos:1 | How would that make it more secure in my home LAN though? I mean if it is using port 80 or port 3000 I don't see a difference. Is there? |
|
 CreerIT Security enthusiast join:2008-08-23 PL 1 edit | Simply, you don't need this, since you don't have any network restrictions for skype.exe, as you said in your first post. Skype will work as it should with a properly configured firewall/router. Via this option Skype tries to bypass very restricted networks, using the very popular HTTP and HTTPS ports, which are almost always allowed. Unchecking this box is just like cleaning up your network connections: why would you want Skype to use the HTTP and HTTPS ports? Any benefits?
In the past (a few months ago!) Skype tried multiple methods to gain access to a so-called Super-node or to any of the main Skype login servers. Any PC running Skype that was directly connected to the Internet could be used by the Skype system to become a Super-node. Skype first tried UDP packets directly, then STUN, then TURN, and if these failed it used TCP via previously used Skype port numbers; if this failed it used TCP over port 80 or port 443. It was very aggressive behaviour, as you may notice, and that was not so long ago by Skype... Now MS has created about 10k new servers working under a Linux environment with grsecurity security patches. These servers now act as Super-nodes and can handle about 10k connections per node, whereas the old, less secure solution could handle about 800 connections per node.
From now on it should be impossible to be a Super-node because of that, but again, why would you want to open ports 80 and 443 for Skype when it works like a charm without these ports enabled for incoming connections? Even blocking TCP port 80 for skype.exe in your firewall settings will not stop Skype from working, because this port is not a normal port for this application; Skype is not a web browser or an Apache server.
I like to have an order in my network even if it's at home, maybe I'm getting old? Nah  |
|