Blocking Skype?

Hello,

as far as I can see there is no way to block Skype via a PIX firewall. Now there is NBAR in Cisco's IOS 12.4T. I thought I blocked it but it doesn't seem to work:

Version 12.4(4)T3

class-map match-any peer2peer
 description "Peer-to-peer stuff"
 match protocol gnutella
 match protocol edonkey
 match protocol fasttrack
 match protocol napster
 match protocol kazaa2
 match protocol skype
 match protocol bittorrent
!
policy-map p2p-drop
 description "Drop the unwanted peer-to-peer stuff"
 class peer2peer
  drop

interface GigabitEthernet0/0
 ip address 192.168.8.254 255.255.255.248
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 service-policy input p2p-drop
 service-policy output p2p-drop

What is wrong here?

Regards, Christoph Gartmann

Reply to
Christoph Gartmann

Skype is an encrypted protocol that doesn't use fixed port numbers. And the authors keep changing the protocol to make it harder for firewalls to detect it.

Kind regards

Reply to
Matthias Scheler

UTM Devices and CISCO ASA can block it

CK Christ> Hello,

Reply to
CK

And if you allow access to port 80/tcp (i.e. web browsing) then Skype will work - see the first reference below. The second reference suggests a rather complex way to block Skype, but I'd be surprised if it's implemented in any Cisco product.

Sam

Reply to
Sam Wilson
