-- MikeGore - 24 Apr 2007

Skype Configuration and Security

Security and Universities

Disable Supernode

*Skype 3.0 and up have the ability to disable supernode status

Quoting from http://www.skype.com/security/universities/

There are several ways to prevent Skype from becoming a supernode:
    * Beginning with Skype 3.0, an explicit switch is provided in the registry settings to allow the disabling of supernode functionality.
    * Any computer hosted on a network that is behind a network address translation (NAT) device or restrictive firewall will disable supernode functionality.
    * Skype clients behind an HTTP or SOCKS5 proxy will not serve as supernodes.

Note: You can disable Supernode by adding the following registry key

  • Save and run the following text as NoSuperNode.reg or download from here NoSuperNode.reg - a reboot will be requred
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype\Phone]
"DisableSupernode"=dword:00000001

Registry Settings

Reference: Skype Guide for Network Admins

HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableApi, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableFileTransfer, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, MemoryOnly, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableContactImport, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableVersionCheck, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisablePersonalise, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableLanguageEdit, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ListenPort, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ListenHTTPPorts, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableTCPListen, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableUDP, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableSupernode, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxySetting, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyAddress, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyUsername, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyPassword, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, WebStatus, REG_DWORD = {0,1}

Skype Security Concerns

  • Skype and Windows Firewall - Best Advise is NOT to run as Administrator or Skype can, and does, make changes to your firewall. If you do run and a non Administrator you will have to remove any Skype exceptions you don't want while running as Administrator and then switch back.

There is an article about this called "Enterprises Need to Deal with Skype Boom" published on Eweek :http://www.eweek.com/article2/0,1895,2043368,00.asp

Windows XP Firewall and Skype

     "Skype also attempts to modify desktop firewall settings to allow
itself to run optimally. If the firewall rule gets disabled, the next
time Skype starts it will re-enable its firewall exception (if the user
has permission to modify firewall settings)."

Using Skype behind a NAT - note for home users of Skype behind a router

     "A firewall that blocks inbound traffic or uses NAT (Network
Address Translation) also won't stop Skype. When a Skype client starts,
it opens a session with a supernode in the Skype network.

If the client cannot be contacted from the Internet, the supernode will
notify the client when a call comes in?via the open connection. If the
recipient cannot directly contact the sender, the supernode or a relay
agent can then act as a proxy between the two callers. "

Skype Protocol

Skype Knowledge Base

Topic attachments
I Attachment Action Size Date Who Comment
Registry filereg NoSuperNode.reg manage 0.2 K 2007-04-24 - 15:07 MikeGore NoSuperNode.reg
Topic revision: r4 - 2007-04-25 - MikeGore
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback