Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Skype
From: "Rob Shein" <shoten () starpower net>
Date: Wed, 7 Jan 2004 14:10:27 -0500

I've played with it a bit.  I'd point out that it's not really a P2P network
as much as a cross between a VOIP network and and IM system.  They do call
it P2P, but in the end if you stretch the meaning enough all networks are
P2P in the end.  I haven't looked at the crypto, however.

The first thing you'll notice is a ton of UDP traffic and ICMP pinging.
Skype seems to be REALLY decentralized, and seems modeled on gnutella in its
behavior.  I'm not sure what purpose is served by all the ping activity,
however, and I do wonder what negative impact, if any, exists when a host
doesn't reply to ICMP echo-requests.  I've not played with it in a bit, and
I'm due for an upgrade.  I'll say this; if it does have any vulnerabilities,
they're going to be bad, much like they were in the early days of ICQ and
AIM.

-----Original Message-----
From: Kim.Sassaman () cox com [mailto:Kim.Sassaman () cox com]
Sent: Wednesday, January 07, 2004 12:17 PM
To: pen-test () securityfocus com
Subject: Skype


Has anyone done an evaluation of the Skype p2p network and
encyption methods? www.skype.com



--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Skype Kim.Sassaman (Jan 07)
    • RE: Skype Rob Shein (Jan 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault