Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Communications Encryption Security Software The Internet

An Analysis of the Skype Protocol 161

zib writes "Ever felt a need to peek under the hood of your Skype client? This paper (PDF) explains all the details. Among other issues, it focuses on the NAT capabilities of Skype and audio compression."
This discussion has been archived. No new comments can be posted.

An Analysis of the Skype Protocol

Comments Filter:
  • Supernodes? (Score:3, Interesting)

    by gaber1187 ( 681071 ) * on Thursday January 20, 2005 @12:51PM (#11421541)
    Interesting paper.

    What is the deal with supernodes, isn't there a peer to peer protocol that doesn't revolve around supernodes? I don't like the idea of somebody setting up a high-bandwidth machine and routing enough packets to get the entire phone call I'm making and then in their spare time decrypting my phone call.

    We need a a VoIP method that uses bit torrent and duplicates what you are saying many times, which wastes bandwidth but makes up for the slowness factor. And even still, we need a bit torrent less reliant on supernodes... could a VoIP network function on a P2P network meant to work without supernodes?

    Somebody know more details about what the difficulties are in making a P2P network without supernodes? (Assuming there are lots of people on the network).

    Privacy issues?

    • Re:Supernodes? (Score:2, Insightful)

      by awolk ( 759539 )
      I don't like the idea of somebody setting up a high-bandwidth machine and routing enough packets to get the entire phone call I'm making and then in their spare time decrypting my phone call.

      Well, I can't read the paper, because I don't have a pdf reader available, but I think they've done the crypto-stuff good enough, so that it's almost impossible to decrypt.
      What is the point of decrypting something if it takes >100.000 years?
      • ... is that people don't factor in that computers increase in speed by almost a factor of 2 each 18 months or so. So basically, that's like removing 1 bit from your encryption key every 18 months. Factor that in, and you begin to see cracking time numbers orders of magnitude smaller then before.

        So basically, public key encryption should still only be used for things that are time sensitive that no one will care about in 5 years. If that's not the case, then you should think about using extremely large key
        • If that's not the case, then you should think about using extremely large keys, like 4000bit, or use quantum encryption. I hope you are joking, or you don't really know how both asymmetric and quantum cryptography work. Quantum cryptography requires really expensive hardware. Asymetric cryptography requires a very long time to encrypt/decrypt and it grows up the size of the message a lot. So it is only used to send a (long) symmetric key.
        • The problem with this is that people don't have perspective on just how enourmously big something 2^256 is. You may think that "it's just a question of time" before you can brute force it.

          A good perspective a lecturer of mine offered was that the number of known atoms in the Universe is somewhere in the vicinity of 2^200. Now while that is not really a number you can grasp, it still demonstrates the futility of trying to brute force the encryption.

          Even if you factor in Mores law then anything above 56-bit
    • by Anonymous Coward
      You're going to need a pretty super node to decrypt 256-bit AES.
    • isn't there a peer to peer protocol that doesn't revolve around supernodes?

      Several. Freenet [freenetproject.org] doesn't require supernodes, it is entirely decentralised, the same is true of Dijjer [dijjer.org]. Generally, a P2P application can use a Distributed Hashtable [wikipedia.org] to find information without relying on a centralised server (neither Freenet nor Dijjer use a DHT, although their approach is vaguely similar).

    • Re:Supernodes? (Score:3, Informative)

      by Thrakkerzog ( 7580 )
      I don't think that your phone call data goes through the supernode. From what I understand, the supernode is used to facilitate the connection between two clients which are behind NAT or a firewall. After the supernode hooks you up, it is a direct connection between the two clients, without the supernode involved.

      • Re:Supernodes? (Score:1, Informative)

        by Anonymous Coward
        That makes no sense.

        Lets say I'm firewalled and you're firewalled. Neither of us can open any ports. I want to call you. As a result, we both connect to a supernode, and send and receive data through the supernode. The supernode sees it all.
        • Re:Supernodes? (Score:3, Informative)

          by bigberk ( 547360 )
          Not necessarily. There exist ways to get through a double NAT environment. We developed one such system for an engineering thesis; for documentation on another see the "STUN" RFC
          • Strangely, when I was reading the article, they made it sound like they were proxying the data. Here, let me quote:

            "For the third setup, in which both users were behind port-restricted NAT and UDP-restricted firewall, both caller and callee SC exchanged signalling information over TCP with another online Skype node. Caller SC send media over TCP to an online node, which forwarded it to callee SC over TCP and vice versa. The message flow is shown in Figure 11.

            There are many advantages of having a node r
          • You're talking about issues with the SIP protocol and double NAT. Other, newer protocols like iax and iax2 don't have problems with double NAT. The only problem is, nobody makes IAX/IAX2 phones (yet). People are working on them. In the meantime the little iaxy bugger from Digium is supposed to fill the gap, at least with standard analog phones.
      • In a scenario with two Skype(tm) clients behind NAT firewall/router/whatever that blocks UDP (ie. only allows TCP) I'd really like to hear how you set up a direct connection between the two clients.

        At the very least; In the connection setup the third-party (ie supernode) has to open a server socket that both clients connect to using client sockets. The supernode then forwards information between the two.

        Now what type of magic is used to hook up a direct connection between the two clients ? TCP connecti

        • Re:Supernodes? (Score:3, Informative)

          by drew ( 2081 )
          i've seen someone experimenting with this before. it's actually not too difficult to do once you have two computers that are both trying to set up the connection. how to alert the second computer that the first wants to initiate a connection is the challenge. in this case the supernode seems to be responsible for that aspect.

          basically each computer attempts to initiate a connection to the other computer on a port that has been agreed to in advance. the first computer to attempt will fail, due to the fi
          • Re:Supernodes? (Score:2, Interesting)

            by acaspis ( 799831 )
            however, his firewall will now be expecting return traffic originating from the port that his computer attempted to connect to. therefore, the second connection attempt, from the other computer, will succeed

            Interesting, but I wouldn't expect this technique to defeat anything else than trivial "personal firewalls". Any NAT between the two computers would alter the calling ports and break your assumptions.

            Has anyone actually tried this ?

            • i had a friend who did some brief experiments to prove it could work but never got much further than that. a while back i saw a program on freshmeat that performed this task for arbitrary clients, which i believe used udp to perform the timing/port negotiations (so it would only work behind firewalls that allowed udp). i personally never actually tried it, but he had a site up explaining the mechanics, and stated that he had been successfully using the method for a while.
              • Yeah I wish there was some noobish tutorial for Skype(tm) clients behind NAT firewall/router. It's one thing to explain mechanics, it's another to see it step by step.

          • basically each computer attempts to initiate a connection to the other computer on a port that has been agreed to in advance. the first computer to attempt will fail, due to the firewall on the other end. however, his firewall will now be expecting return traffic originating from the port that his computer attempted to connect to. therefore, the second connection attempt, from the other computer, will succeed. now, both firewalls are allowing return traffic through in response to a connection initiated from
        • > I'd really like to hear how...

          Simultaneous SYN.

          Skype does not use it.
    • Re:Supernodes? (Score:5, Informative)

      by kuwan ( 443684 ) on Thursday January 20, 2005 @01:06PM (#11421747) Homepage
      What is the deal with supernodes, isn't there a peer to peer protocol that doesn't revolve around supernodes?

      Because this type of tiered network is what works and scales well to thousands and millions of clients. The original Gnutella protocol was designed not to use "supernodes" or a tiered network structure and it was a miserable failure. The bandwidth and large latency required for all of the clients to communicate with each other (especially ones using 56K modems) easily overcame the usefulness of the network. The current Gnutella protocol now uses a tiered (layered) network where clients can become supernodes and this version actually works with tens to hundreds of thousands of people connected.

      When creating a large, scalable network this type of protocol is what has been proven to work.

      --
      Join the Pyramid - Free Mini Mac [freeminimacs.com]
      • Man, I know it... I used the original gnutella, and man it was soooooo slowwwww... I agree... I think what somebody else said above is possibly correct that the nodes are only used to make the connections, once data starts flowing, it all goes through the normal ip routes...
      • Supernodes aren't the only way, though. I like the concept of a Kademlia-style network. If you have a definitive routing order, you don't have the problem with requests looping back and staying within a small group of peers like they did on Gnutella. That, more than anything, was its fundamental flaw. To try and overcome this, you have to increase the number of hops; this, combined with the latency, is disastrous.

        I've proposed a modification of the basic concept to the kenosis group; we'll have to see
    • Re:Supernodes? (Score:5, Informative)

      by jd ( 1658 ) <imipak&yahoo,com> on Thursday January 20, 2005 @01:15PM (#11421844) Homepage Journal
      The problen with loading the network up is that you increase the latency (spare packets have to be processed enough to know to drop them) and you increase the packet loss overall (because if everyone does this, packet collisions will increase exponentially).


      There are other solutions which'll do essentially what you want. One option is to have connections rotate round-robin style, rather than by bandwidth. That way, if you can go by 5 paths, each path gets 1/5th of the traffic, making it much harder for evesdroppers.


      A second option is to use kernel or userland IPSec, so that all connections are secure. IPSec is pretty solid and it is doubtful anyone would be able to break into such traffic.


      Supernodes are just a load-balancing mechanism. Not a very good one, because it's a two-state system, but it works. Networks have developed routing and QoS protocols to handle exactly the kind of information P2P is approximating with the supernode scheme. It would seem to make much more sense to use mechanisms people have worked on for much longer to get right.

      • Re:Supernodes? (Score:3, Insightful)

        by cyngus ( 753668 )
        The problem is that QoS-aware protocols are not universally deployed, so you can't count on them. Additionally most of the router-based QoS protocols suck. Adding "smarts" to the network infrastructure goes against the original Internet design principles, which dicatated that the network should be as dumb as possible and add the smarts to the end hosts.
    • The problem without supernodes, at least as I understand it is speed. Simply put, most nodes on the network have limited upload bandwidth (eg: cable modems, where upload caps are but a fraction of the down caps)

      Without supernodes and their ability to push data quickly you get stuff like freenet or MUTE. While these are much more privacy oriented, there's a reason they're not mainstream: They dont rely on high speed connects, and thus cant provide high speed service.

      As Skype is a legally oriented servic
    • Yes you could build one without supernodes, but this is a bad approach. To build the best P2P network you need to build the best overlay network (a logical network that operates on top of the physical one). The best way to do this is to assign nodes addresses based on their resource availability, primarily we're concerned with processing power and bandwidth and, depending on the application, latency to other nodes. If you properly address all nodes things turn out great. You can then use distributed rou
    • Re:Supernodes? (Score:3, Interesting)

      by Stween ( 322349 )
      "Somebody know more details about what the difficulties are in making a P2P network without supernodes?"

      It's not difficult, but the issue is scalability. To have a P2P network scale, you have to have some efficient network structure for shunting data around. Efficient is a relative term; robustness might be the goal here with supernodes.

      For implementations of distributed hash tables, bandwidth certainly isn't the main concern, so those are logically constructed generally without any concept of a supernode
    • What is the deal with supernodes?

      Is Jerry Seinfeld posting on slashdot now?

    • Decrypting your phone call? GOOD LUCK!

      Skype uses end-to-end cryptography on all calls, up to 2048-bit RSA for the public key exchange and 256-bit AES thereafter.

      Skype offers probably the highest strength seamless encryption around.

  • by Samir Gupta ( 623651 ) on Thursday January 20, 2005 @12:56PM (#11421601) Homepage
    I believe the NAT traversal is done by routing via super-nodes which are not behind a NAT or firewall. Is this a valid assumption for the future? In other words, what if every host is behind a NAT or firewall -- it seems that way, given the increased security conciousness of hardware and software makers, that sometime in the near future, firewalling will be the norm and default, not the exception?
    • Roll on ipv6. No NAT, everyone with a public IP#. Fine by me.
      • Roll on ipv6. No NAT, everyone with a public IP#.

        You mean because IPv6 increases the IP address space enough so that every single refrigerator, phone and toaster can have its own (public) IP# ?

        Bullshit. There are many reasons to use NAT, saving IP addresses is only 1 of these. And AFAIK, there isn't a real shortage of IP addresses yet. If there is, it's because they're not distributed/used well, not because there aren't enough of them.

    • I imagine anyone dedicated enough to run a supernode probably has the resources to run other types of servers as well. Even if they are using a firewall, it's not going to just block all incoming connections. If this type of "increased security consciousness" affected everyone, web servers wouldn't work either.
    • I believe the NAT traversal is done by routing via super-nodes which are not behind a NAT or firewall. Is this a valid assumption for the future? In other words, what if every host is behind a NAT or firewall

      It looks like (I'm not sure) the Skype protocol routes voice data through non-firewalled nodes when at least one of the endpoints is firewalled. In theory, you don't need to do this. To establish a call, you may need a non-firewalled node if the node being called is behind NAT or firewall. Once contac

  • Bad start (Score:5, Informative)

    by Sanity ( 1431 ) on Thursday January 20, 2005 @12:58PM (#11421633) Homepage Journal
    Skype is a peer-to-peer VoIP client developed by KaZaa...
    KaZaa isn't a company, it is a piece of software. Skype was developed by the same guys that were behind the KaZaa software, but not (to the best of my knowledge) by the company that now owns KaZaa.
  • Skype Banned (Score:5, Interesting)

    by Realistic_Dragon ( 655151 ) on Thursday January 20, 2005 @12:59PM (#11421655) Homepage
    Do you really want to be running Skype or let it onto your network? At my university Skype has been banned. Here is the reasoning:

    Skype Peer to Peer Telephony software is now also prohibited. Skype is a
    free application that facilitates free telephone calls through the use of
    an internet connection.

    Calls made using the system are directed through 'Supernodes', which can be
    ordinary PC's with Skype installed. Machines on fast and well connected
    Internet feeds like the $Network are likely to automatically become
    'Supernodes' and forward a considerable amount of traffic.

    This allows Skype to route other peoples Voice over IP calls using your
    machine and the university internet connection. This is in breach of the
    Acceptable Use Policy and could potentially put the university's network
    and core business at risk.

    Finally, the Skype End User License Agreement (EULA) grants Skype permission
    to install and use 3rd party software on computers running Skype. This could
    include an array of spyware and adware that is likely to threaten the
    privacy of anyone installing this software.
    • Re:Skype Banned (Score:5, Informative)

      by JJahn ( 657100 ) on Thursday January 20, 2005 @01:14PM (#11421831)
      I checked out Skype's EULA as found on their website.

      The only thing relating to third party software that I found was this:

      2.4 Third Parties. You acknowledge and agree that the Skype Software may be incorporated into, and may incorporate itself, software and other technology owned and controlled by third parties. Skype emphasizes that it will only incorporate such third party software or technology for the purpose of (a) adding new or additional functionality or (b) improving the technical performance of the Skype Software. Any such third party software or technology that is incorporated in the Skype Software falls under the scope of this Agreement. Any and all other third party software or technology that may be distributed together with the Skype Software will be subject to you explicitly accepting a license agreement with that third party. You acknowledge and agree that you will not enter into a contractual relationship with Skype or its Affiliates regarding such third party software or technology and you will look solely to the applicable third party and not to Skype or its Affiliates to enforce any of your rights.

      Basically, you have to explicitly accept a license agreement with the third party. They say nothing in here about installing and using 3rd party software on your computer without your consent.
      • Last week the EULA on their website didn't match the one that popped up during install. The one during install was different in this very section, saying nothing about "improving technical service" as a reason for installing 3rd party software.
      • Skype emphasizes that it will only incorporate such third party software or technology for the purpose of (a) adding new or additional functionality (..)

        Well, that would cover addware or spyware; like it or not, one could just call it 'added functionality'.

        Any and all other third party software or technology that may be distributed together with the Skype Software will be subject to you explicitly accepting a license agreement with that third party.

        Sounds decent enough, but makes many -weak- assumptio

      • Basically, you have to explicitly accept a license agreement with the third party. They say nothing in here about installing and using 3rd party software on your computer without your consent.

        Um... did you actually read the excerpt that you posted?

        2.4 Third Parties. You acknowledge and agree that the Skype Software may be incorporated into, and may incorporate itself, software and other technology owned and controlled by third parties. Skype emphasizes that it will only incorporate such third party so

    • This is in breach of the Acceptable Use Policy and could potentially put the university's network and core business at risk.

      Okay, I understand the whole AUP piece. I understand that it could be a problem for the network.

      What I'm not sure I understand, is how a simple program could "put the University's core business at risk". If that is a publically funded University, I really object to that statement (it's not a business, a public service. It's nice if it's self funding, but the objective it not

    • Wouldn't a series of router hops generaly be the most direct route?
      • Not when you're constructing a P2P overlay which reduces the amount of duplicated packets sent.

        When multicasting data, you reduce the number of packets sent by building a distribution tree between nodes, which either all users share, or have one rooted at each source in the conference. There are many, many ways of doing this, but the end-result is the same. This tree is on the overlay level -- the routers have no knowledge of it. To forward packets across the overlay, they have to be pulled up to the appli
    • Re:Skype Banned (Score:3, Informative)

      by pVoid ( 607584 )
      Yeah, but you don't understand what network topology means if you think peers' nodes will be used to relay data.

      Generally speaking, end users are at the very bottom of a long hierarchy of ISPs and pipes. For example: UUNET -> AT&T -> Your local ISP -> You. As such, generally speaking, you are a leaf on a very large tree that may span several classes of IP networks. If a peer were to be used as a super node, it would mean that the data send from A to C would travel like this: A -> ISP -

      • Re:Skype Banned (Score:4, Informative)

        by WolfWithoutAClause ( 162946 ) on Thursday January 20, 2005 @01:31PM (#11422037) Homepage
        It makes no sense

        Um, actually RTFA.

        In most cases the voice packets go direct leaf node to leaf node.

        However if both are behind NAT firewalls then they can't directly talk to each other, and the Skype protocol seems to pick another Skype users machine (picked by some scheme that probably isn't publically described anywhere) and route the packets through them.

        There's no security problem with doing this (the packets are end-end encrypted), it just takes longer and is more likely to congest, and it takes up bandwidth at the extra users network.

        Really, IMNHO, NAT is a real menace. I'm really looking forward to IPv6 which doesn't have all this garbage; should be here by 2100 I reckon.

        • Read the fucking post, if you are both behind a NATed firewall, you fall into the description that I gave: on a LAN, where several computers are situated on several levels of hierarchy.

          So what if a box behind a nat is forwarding even two conversations on LAN. It's probably going to use up .5% CPU, and the LAN traffic won't increase or decrease since it's arleady on a LAN.

          Your point?

          • Your point?

            My point- dumbass- is that if they are behind *different* NAT firewalls (actually routers). Then they specifically *do* send messages from A to B to C; something that you said "makes no sense".

            And the protocol has to do that because NATd boxes can't ordinarily accept incoming connections (atleast not without the administrator doing lots of prior manual set-up on the NAT router). So point B has to be chosen from the set of non NAT'd IP addresses.

            • So, "Dumbass", you're saying that if I'm behind a NAT, and you over there are behind a NAT, Skype is going to establish a connection to you through me? No.

              The whole point of "through me" connections is that the NATed box and the recipient box are on the same internal network.

              How old are you? Your tone of voice and lack of understanding of networks is highly indicative that you are a freshman that thinks they got the whole world figured out.

              • So, "Dumbass", you're saying that if I'm behind a NAT, and you over there are behind a NAT, Skype is going to establish a connection to you through me?

                Wrong. LOL. I'm saying it gets routed through a third party.

                The whole point of "through me" connections is that the NATed box and the recipient box are on the same internal network.

                Wrong.

                Your tone of voice and lack of understanding of networks is highly indicative that you are a freshman that thinks they got the whole world figured out.

                Wrong, wrong, w

        • NAT is a real menace

          Yes, but true peer to peer is still possible in many
          cases with a little help from a routable 3rd party -

          Meet the mediated peer-to-peer a.k.a. hamachi [hamachi.cc]

      • Yes, it would be nice if you didn't have to go down into the leaves, however, UUNET does not have Skype installed. Nor does the telco or your ISP. Only Skype users have the skype supernode software installed and so only they can act as supernodes.

        This is horribly inefficient, however it is only used if you are behind a firewall or NAT and don't have have the necissary ports open. If you (or the person you are talking to) is on a publically routable IP address then Skype will just make a direct P2P connecti
        • This is teh best explanation of this I can see. I was not aware of the Supernode issue. BUT I can see where this would be a hassle. I wonder if one can change the firewall to only allow outbound coms on the skype ports. That way you would not be useable as a supernode. Also, it seems, to me, that they should make that as a setting in Skype to NOT allow yourself to be a supernode. That should only be allowable if you don't have to use supernodes (ie your ports are open properly).
    • Re:Skype Banned (Score:3, Insightful)

      by grazzy ( 56382 )
      a troll a day keeps the insanity away.. ?

    • Sorry for the spanner, but I hardly doubt someone is routing packets all the way thorugh your uni's connection to make a phone call.

      Latency dude.

      p2p and torrent technology is the worst network framework for something like streaming audio (lets not fuck ourselves with words like voice-over-ip... it is audio, and a network, and it streams...)

      p2p could just mean point 2 point for all you care. It makes a direct connection to the dudes place machiney thingy, else it wouldn't work.
      • It's not streaming because it's bi-directional - latency is actually a fairly minimal concern for streaming, assuming you've got enough bandwidth for a big packet. It's a really big deal for VoIP because you need to respond in a reasonable amount of time to what the other person is saying. That's why we don't call VoIP streaming audio - they have different characteristics. P2P works fine for streaming, except that BT (for example) is less efficent when you require parts of a file to come in order.
  • by froggero1 ( 848930 ) on Thursday January 20, 2005 @01:01PM (#11421685)
    Skype stores its buddy information in teh Windows Registry. Buddy list is digitally singed and encrypted.....

    Strange, I have it installed on my linux machine... and it doesn't have a windows registry... guess I dont have the capability of storing a buddy list.

  • Protocol analysis? I'll analyze that linking to a PDF will give us a chance to analyze a slashdotting.
  • Where is the cell phone that utilizes this technology to replace international satellite phones? I noticed Skype needs 2kb u/d for "reasonable quality"... BTW - How can we be sure this would be used for Good and not Evil?
  • by aarku ( 151823 ) on Thursday January 20, 2005 @01:17PM (#11421879) Journal
    The program can automatically elevate itself to a Supernode and start chewing bandwidth. Not only that, but it alerts your friendly University system administrator that you may be "sharing copyrighted materials with Kazaa" and you have them frowning at them (and randomly shutting off your port because they believe you have been "hacked") Just use a different free Internet Telephony application.
    • by alirano ( 793558 ) on Thursday January 20, 2005 @02:01PM (#11422483)
      You can easily avoid becoming a Supernode by not permitting incoming connections to the port Skype has opened for itself. The downside to this is that your calls will now be routed to another supernode, but if you're paying for bandwidth, there may be no way around that. You can still place and receive calls, and the added latency is not worth mentioning in most cases.

      If you run Skype on Linux or Mac OS X, it is reduced to using high ports anyway, so it's easy to block. An example iptables command line would be

      iptables -A INPUT -p tcp --dport 1024: --syn -j DROP
      (Caveat: Check your local servers, use passive FTP, modify this if you actually want to use P2P, etc.)
    • Just use a different free Internet Telephony application.

      Any suggestions for one that is as easy to set up as Skype, has clients for Windows, Linux and MacOS and is open source?

      I like gnomemeeting on Linux, but it isn't ported to Windows or MacOS, AFAIK.

      Rik

      • It doesn't have to be ported because it interoperates with other software by virtue of using a standardized protocol. Netmeeting on Windows does the trick. Ohphone worked on Mac when I last looked there. Probably gnomemeeting would via fink.
  • Non-Windows stuff (Score:5, Informative)

    by JohnQPublic ( 158027 ) on Thursday January 20, 2005 @01:19PM (#11421905)
    FYI, if you want to look at the "registry" info for Skype on Linux, it's in $HOME/.Skype/shared.xml.
  • Don't knock it. (Score:4, Interesting)

    by Facekhan ( 445017 ) on Thursday January 20, 2005 @01:20PM (#11421914)
    Proprietary or not, it works and its easy to use. Skype does a lot of things differently than SIP. 256 bit AES encryption is strong enough to protect your data well into the near future.

    It uses very little bandwidth and those Universities who are banning the software are just kneejerking to a new technology, just showing how far from the academic mission of research and experimentation most colleges have gone. Even more telling is how most Colleges charge exorbitant fees for local and long distance phone calls from student dorm phones. Why would they want to allow a technology onto their network that will mean less money going into their pockets.

    As to the bandwidth issues, I think they greatly exaggerate the bandwidth use of a Skype supernode in order to justify their kneejerk reaction to any new technology on their network that does not come with a 3 year agreement with Dell and Microsoft.
    • Indeed - we were explicitly banned from using any VoIP on our halls network.
    • Any organization that want to "manage" their network infrastructure will make policy decisions about what is and isn't an acceptable use.

      Bandwidth costs money, period, and you have to prioritize if you have a fixed budget. For Universities, the goals are research and education. That's what the network is there for. Are you learning anything by using Skype? No. Is it advancing research? No.

      It's not YOUR network, get over it.

      • I hear this argument all the time and I have heard it when I worked on a .edu network. I always say the same thing. The students pay for internet access in their housing fees and technology fees. It is not something the school provides for free. The mission of the school's network is for academic and research use which includes the free exchange of ideas outside of the classroom and with those outside of the University. So if a University provides a communications medium for which the students pay for as th
      • No in a public university it IS your network. My thing is you should have 2 internet connections through 2 different ISP's. One which BUSINESS happens on and another for the student machines. That way data going in and out of the main administrative and firewalled and vlanned to hell network would not be impacted by student activities and the students can be almost free. You'd still want somethings banned, but most ports should be open (IE, ban NETBIOS and other traffic that some of the worms use).
        • And at a private university nobody would dare pull this kind of crap, because they know which side of the bread holds the butter. Public institutions, on the other hand, are just iron rice bowls, endlessly stomping on a human face.
      • As to the bandwidth costing money. Traditional VOIP does not use very much bandwidth and neither does Skype. It uses less than the client of a multiplayer game. What VOIP does require though is fast, consistent delivery of packets. I have a suspicion that one of the issues that College network administrators are concerned about is that VOIP will expose how inefficient and poorly managed many .edu networks are mostly by virtue of the fact that the higher ups in the .edu tech departments are always people who
      • Re: (Score:3, Insightful)

        Comment removed based on user account deletion
    • Re:Don't knock it. (Score:2, Informative)

      by alirano ( 793558 )
      I've seen one Skype supernode in action and was pretty impressed by the bandwidth it was using. It was getting more than 15000 connections an hour, coming close to saturating its 100 mbps pipe. Which is kind of okay if you're paying a flat rate for access, but if you're paying by volume, I suggest that you take measures to avoid becoming a supernode. It's easy enough to do so. (On Linux, just block the high ports you're not using yourself. On OS X, activate that firewall.)
    • Even more telling is how most Colleges charge exorbitant fees for local and long distance phone calls from student dorm phones.

      Don't all Colleges have free long-distance as a cost-saving measure: Dartmouth Ends Billing for Phone Calls [dartmouth.edu]
  • by PetoskeyGuy ( 648788 ) on Thursday January 20, 2005 @01:32PM (#11422057)
    NAT tranversal is great, and Skype is nice an solid. We're adding this to our next product. Does anyone know where I could find more documents like this?
  • 200 Mhz (Score:2, Insightful)

    by fist ( 178568 )
    Did anyone else notice that their test machines were 200 Mhz Pentiums running Windows 2000.

    I bet they couldn't only see 5kbytes of traffic because that's all those poor machines could pump out!
  • They don't have 'em in now but the EULA's allow this going forward.

    These are the same guys who wrote Kazaa which installed 3rd party software which basically stole money from mom & pop websites in affiliate networks.
  • Every gateway may have different timeouts for NAT UDP port binding, right?
    The PDF doesn't explain how it's done, but it's rather simple, and is explained in the STUN RFC:
    1. Open a socket, and tell the server, hi, i'm here, reply to the same address you received this message from, and tell me what that address is (let's call this address REF_ADDRESS_A).
    2. Sleep for some time...
    3. Open a second socket, and say, hi, i'm here, reply to the same address you received this message from AND to the old address(REF_A
  • I would like to see an Skype Asterix extension.
    http://voip-info.org/tiki-index.php?page=bounty%20 skype [voip-info.org]
    That would be the real killer POTs killer app.
    Can any reverse engineering pro give a hand ?
  • Is this enough reverse engineering that we can code a Skype/SIP protocol gateway component for an Asterisk server? I'm just referring to all the popular VoIP systems like Vonage as "SIP". The important question is can the Skype protocol network be piggybacked to terminate calls initiated by SIP clients [google.com] like KPhone [iptel.org] or Linphone [huihoo.com]?
    • Speaking of which, has anyone written a howto for SIP on Linux? I spent ages trying to get it working, and in the end, succeeded (the results are here: http://richardneill.org/voip.html ), but my setup has since broken and I don't know why. I also can't get it working properly from behind NAT.

Don't get suckered in by the comments -- they can be terribly misleading. Debug only code. -- Dave Storer

Working...