> - Use *tc* to choke the skype traffic. I have a list of apps to allow
> through the network. The rest go into a default pipe of 2 Kbps. This
> deteriorates the performance of the application. I think text chatting will
> still go through but voice chatting, file sharing and all gets choked.
> NOTE: I have had better success not blocking its default ports. That way I
> can keep it away from the standard Internet ports and thus easily classify
> it into the default pipe.

Where can I find more information on *tc*?

Thanks for any reply.

Rgds,
Victor

----- Original Message -----
From: "Deepak Seshadri" <d_s123@xxxxxxxxxxx>
To: "Taylor, Grant" <gtaylor@xxxxxxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, May 03, 2005 1:01 AM
Subject: Re: rules for skype

> Hi Grant,
>
> My company requires me to block Skype too. There are 3 ways I have found
> after a lot of research:
>
> - Block the authentication servers' IPs. The last I knew there were only 2
> servers for authentication. Their IPs are given in that pdf document. I am
> not aware if they have added new servers now.
> - Use Layer-7 pattern. Again, the layer-7 pattern has worked for some and
> not worked for many. It has worked for me.
> My network scenario: The network I manage has private addresses throughout.
> I think it has something to do with NAT and private addressing because in my
> case when the client tries to authenticate with the server the hex-pattern
> of those UDP packets stays the same throughout every session. This has not
> been true in every case. You can give it a shot.
> - Use *tc* to choke the skype traffic. I have a list of apps to allow
> through the network. The rest go into a default pipe of 2 Kbps. This
> deteriorates the performance of the application. I think text chatting will
> still go through but voice chatting, file sharing and all gets choked.
> NOTE: I have had better success not blocking its default ports. That way I
> can keep it away from the standard Internet ports and thus easily classify
> it into the default pipe.
>
> Now given the nature of this application, some things might work for you and
> some might not. I thought I would share my knowledge on this ....
>
> Good luck,
> Deepak
>
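
The allow-list plus default-pipe arrangement described in the thread, as an added example that is not part of the original messages or anyone's actual configuration. The interface name, link rates, port list and the function name shaper_rules are assumptions; the script only prints the tc commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Prints tc commands for an HTB tree in
# which allow-listed ports get real bandwidth and all other traffic falls
# into a 2 kbit/s default class. Interface, rates and ports are assumptions.
DEV="${DEV:-eth0}"                    # assumed Internet-facing interface
LINK="${LINK:-10mbit}"                # assumed uplink speed
ALLOWED_RATE="${ALLOWED_RATE:-9mbit}" # assumed guarantee for allowed apps
ALLOWED_PORTS="${ALLOWED_PORTS:-25 53 80 443}"  # assumed allow-list

# usage: shaper_rules DEV LINK ALLOWED_RATE PORT...
shaper_rules() {
    dev=$1 link=$2 rate=$3
    shift 3
    # Validate every port before emitting anything, so a typo never
    # produces a half-built rule set.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 1; }
    done
    # "default 20": anything no filter claims goes to class 1:20.
    echo "tc qdisc add dev $dev root handle 1: htb default 20"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate $link"
    # 1:10 = allowed applications, may borrow up to the full link.
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate $rate ceil $link prio 0"
    # 1:20 = the default pipe. tc reads "kbit" as kilobits/s and "kbps" as
    # kilobytes/s; the thread's "2 Kbps" is taken here to mean kilobits.
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate 2kbit ceil 2kbit prio 7"
    for port in "$@"; do
        # u32 matches the destination port of IPv4 packets leaving $dev.
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dport $port 0xffff flowid 1:10"
    done
}

# Dry run by default; APPLY=1 (as root) pipes the commands to sh.
# $ALLOWED_PORTS is left unquoted on purpose so it splits into arguments.
if [ "${APPLY:-0}" = 1 ]; then
    shaper_rules "$DEV" "$LINK" "$ALLOWED_RATE" $ALLOWED_PORTS | sh
else
    shaper_rules "$DEV" "$LINK" "$ALLOWED_RATE" $ALLOWED_PORTS
fi
```

This tree shapes only packets leaving the chosen interface; traffic in the other direction needs an equivalent tree on the LAN-facing interface with filters matching sport instead of dport.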