dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
share rss forum feed


Sentinel
Premium
join:2001-02-07
Florida
kudos:1
reply to Creer

Re: Tighten up Skype?

How would that make it more secure in my home LAN though? I mean if it is using port 80 or port 3000 I don't see a difference. Is there?


Creer
IT Security enthusiast

join:2008-08-23
PL

1 edit
Simply you don't need this since you don't have any network restrictions for skype.exe as you said in first post. Skype will work as should with properly configured firewall/router. Skype via this option try to bypass very restricted networks - using very popular http and https ports which are almost always allowed.
Unchecking this box is just like clear up your network connections - why would you like from skype to use HTTP and HTTPS ports? Any benefits?
In the past (few months ago!) Skype tried multiple methods to gain an access to so called Super-node or to any of the main Skype login servers. Any PC running Skype that was directly connected to the Internet could be used by the Skype system to become a Super-node. Skype first tried UDP packets directly, then STUN, then TURN and if these fail it used TCP via previously used Skype port numbers, if this fails it used TCP over port 80 or port 443. It was very aggressive behaviour as you may notice and that was not so far ago by Skype... now MS has created about 10k new servers working under Linux environment with grsecurity security patches. These servers now acting like Super-nodes and can handle about 10k connection per one node, when old less secure solution could handle about 800 connection per one node. From now on it should be impossible to be a super-node because of that but again why would you like to open for Skype 80 and 443 port when it works like a charm without this ports enabled for incoming connections?
Even block TCP port 80 for skype.exe in your firewall settings will not cause Skype won't work because this port it's not normal port for this application, Skype is not web browser or Apache server.

I like to have an order in my network even if it's at home, maybe I'm getting old? Nah