-- MikeGore - 24 Apr 2007
Skype Configuration and Security
Security and Universities
Disable Supernode
*Skype 3.0 and up have the ability to disable supernode status
Quoting from http://www.skype.com/security/universities/
There are several ways to prevent Skype from becoming a supernode:
* Beginning with Skype 3.0, an explicit switch is provided in the registry settings to allow the disabling of supernode functionality.
* Any computer hosted on a network that is behind a network address translation (NAT) device or restrictive firewall will disable supernode functionality.
* Skype clients behind an HTTP or SOCKS5 proxy will not serve as supernodes.
Note: You can disable Supernode by adding the following registry key
- Save and run the following text as NoSuperNode.reg or download from here NoSuperNode.reg - a reboot will be requred
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype\Phone] "DisableSupernode"=dword:00000001
Registry Settings
Reference: Skype Guide for Network Admins
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableApi, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableFileTransfer, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, MemoryOnly, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableContactImport, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableVersionCheck, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisablePersonalise, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableLanguageEdit, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ListenPort, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ListenHTTPPorts, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableTCPListen, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableUDP, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, DisableSupernode, REG_DWORD = {0,1}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxySetting, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyAddress, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyUsername, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, ProxyPassword, REG_SZ = {string}
HKEY_LOCAL_MACHINE\Software\Policies\Skype\Phone, WebStatus, REG_DWORD = {0,1}
Skype Security Concerns
- From Black Hat Europe 2006 Philippe Biondi & Fabrice Desclaus "Silver Needle in Skype" https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf - Note: save this file - then open it
- Skype and Windows Firewall - Best Advise is NOT to run as Administrator or Skype can, and does, make changes to your firewall. If you do run and a non Administrator you will have to remove any Skype exceptions you don't want while running as Administrator and then switch back.
There is an article about this called "Enterprises Need to Deal with Skype Boom" published on Eweek :http://www.eweek.com/article2/0,1895,2043368,00.asp
Windows XP Firewall and Skype
"Skype also attempts to modify desktop firewall settings to allow itself to run optimally. If the firewall rule gets disabled, the next time Skype starts it will re-enable its firewall exception (if the user has permission to modify firewall settings)."
Using Skype behind a NAT - note for home users of Skype behind a router
"A firewall that blocks inbound traffic or uses NAT (Network Address Translation) also won't stop Skype. When a Skype client starts, it opens a session with a supernode in the Skype network. If the client cannot be contacted from the Internet, the supernode will notify the client when a call comes in?via the open connection. If the recipient cannot directly contact the sender, the supernode or a relay agent can then act as a proxy between the two callers. "
Skype Protocol
Skype Knowledge Base
| I | Attachment | History | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|---|
 reg |
NoSuperNode.reg | r1 | manage | 0.2 K | 2007-04-24 - 15:07 | MikeGore | NoSuperNode.reg |
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
- CF Web
- CF Web Home
- Changes
- Index
- Search
- Administration
- Communication
- Hardware
- HelpDeskGuide
- Infrastructure
- InternalProjects
- Linux
- MachineNotes
- Macintosh
- Management
- Networking
- Printing
- Research
- Security
- Software
- Solaris
- StaffStuff
- TaskGroups
- TermGoals
- Teaching
- UserSupport
- Vendors
- Windows
- XHier
- Other Webs
- My links
 |
|
Copyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback