dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
4

Creer
IT Security enthusiast
join:2008-08-23
PL

1 edit

Creer to Sentinel

Member

to Sentinel

Re: Tighten up Skype?

Simply you don't need this since you don't have any network restrictions for skype.exe as you said in first post. Skype will work as should with properly configured firewall/router. Skype via this option try to bypass very restricted networks - using very popular http and https ports which are almost always allowed.
Unchecking this box is just like clear up your network connections - why would you like from skype to use HTTP and HTTPS ports? Any benefits?
In the past (few months ago!) Skype tried multiple methods to gain an access to so called Super-node or to any of the main Skype login servers. Any PC running Skype that was directly connected to the Internet could be used by the Skype system to become a Super-node. Skype first tried UDP packets directly, then STUN, then TURN and if these fail it used TCP via previously used Skype port numbers, if this fails it used TCP over port 80 or port 443. It was very aggressive behaviour as you may notice and that was not so far ago by Skype... now MS has created about 10k new servers working under Linux environment with grsecurity security patches. These servers now acting like Super-nodes and can handle about 10k connection per one node, when old less secure solution could handle about 800 connection per one node. From now on it should be impossible to be a super-node because of that but again why would you like to open for Skype 80 and 443 port when it works like a charm without this ports enabled for incoming connections?
Even block TCP port 80 for skype.exe in your firewall settings will not cause Skype won't work because this port it's not normal port for this application, Skype is not web browser or Apache server.

I like to have an order in my network even if it's at home, maybe I'm getting old? Nah