Block Skype with PF
Rudi Kramer
rkramer at mweb.com
Mon Sep 11 05:22:33 PDT 2006
Hey Greg,
I found this article which should help a bit.
http://www.net-
security.org/dl/articles/Blocking_Skype.pdf#search=%22net%20squid%20skyp
e%20blocking%22
Rudi
-----Original Message-----
From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-pf at freebsd.org]
On Behalf Of Greg Armer
Sent: 11 September 2006 01:35 PM
To: freebsd-pf at freebsd.org
Subject: Block Skype with PF
Good day list,
I was just wondering if any of you have a running 'receipe' using PF
that can block Skype.
What I have found out is the following:
- Skype picks a random port to use when it is installed
- It can switch over to port 80 / 443 if a firewall is too restrictive
- It appears UDP ports above 1024 are used aswell
So what I was thinking of doing is blocking all outgoing UDP above port
1024, and trying to identify and block the port 80 / 442 traffic with
squid and a transparent proxy.
Does anyone have any better solutions to this which do not involve
expensive layer 7 inspection hardware ?
Many thanks for your comments / ideas.
Regards,
--
Greg Armer
_______________________________________________
freebsd-pf at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
More information about the freebsd-pf
mailing list