Hi all! I´m a frequent and happy Skype user. However Skype security issues are what I´ve tried to study. Please forgive me I´m a total amateur within this area.
During the last weeks I´ve used a software called Net-Peeker. I have managed to reveal IP addresses to all my contacts. To be spesific I´ve learned that Net-Peeker actually shows the real IP for my contacts. Sometimes, but only sometimes, the IP is something else that real but immediately when a call takes place I´ll get the users actual/real IP. How do I know that the IP is real? Only by asking my friends what their IP is - of course.
Okay, now the question: Is it possible for some man-in-the-middle (for example my wife or my ISP) to check out what IP´s are connected/routed through my Skype though the communication itself is encrypted? Or does the end-to-end encryption mean that all IP´s are encrypted as well?
Tommy
Full Version: IP/Security
[quote=pop3]Hi all! I´m a frequent and happy Skype user. However Skype security issues are what I´ve tried to study. Please forgive me I´m a total amateur within this area.
During the last weeks I´ve used a software called Net-Peeker. I have managed to reveal IP addresses to all my contacts. To be spesific I´ve learned that Net-Peeker actually shows the real IP for my contacts. Sometimes, but only sometimes, the IP is something else that real but immediately when a call takes place I´ll get the users actual/real IP. How do I know that the IP is real? Only by asking my friends what their IP is - of course.
Okay, now the question: Is it possible for some man-in-the-middle (for example my wife or my ISP) to check out what IP´s are connected/routed through my Skype though the communication itself is encrypted? Or does the end-to-end encryption mean that all IP´s are encrypted as well?
Tommy[/quote]
And what is your issue if they can?
During the last weeks I´ve used a software called Net-Peeker. I have managed to reveal IP addresses to all my contacts. To be spesific I´ve learned that Net-Peeker actually shows the real IP for my contacts. Sometimes, but only sometimes, the IP is something else that real but immediately when a call takes place I´ll get the users actual/real IP. How do I know that the IP is real? Only by asking my friends what their IP is - of course.
Okay, now the question: Is it possible for some man-in-the-middle (for example my wife or my ISP) to check out what IP´s are connected/routed through my Skype though the communication itself is encrypted? Or does the end-to-end encryption mean that all IP´s are encrypted as well?
Tommy[/quote]
And what is your issue if they can?
[quote=pop3]Okay, now the question: Is it possible for some man-in-the-middle (for example my wife or my ISP) to check out what IP´s are connected/routed through my Skype though the communication itself is encrypted?[/quote]
Most likely.
[quote=pop3]Or does the end-to-end encryption mean that all IP´s are encrypted as well?[/quote]
And how would you expect that to work?
IP-addresses are no secrets, they are mandatory to be able to send something from one point to another over the internet and all parties involved in the routing must be able to extract the address in order to route the data.
You can read more about how skype works here (http://www.skype.com/products/explained.html).
Encrypting an address make no sense. It would be like asking someone to call you but refuse to give him/her your number because it is a secret or to use some kind of invisible ink to write the address of a letter and hope that the mailman could deliver it to the right address anyway.
Most likely.
[quote=pop3]Or does the end-to-end encryption mean that all IP´s are encrypted as well?[/quote]
And how would you expect that to work?
IP-addresses are no secrets, they are mandatory to be able to send something from one point to another over the internet and all parties involved in the routing must be able to extract the address in order to route the data.
You can read more about how skype works here (http://www.skype.com/products/explained.html).
Encrypting an address make no sense. It would be like asking someone to call you but refuse to give him/her your number because it is a secret or to use some kind of invisible ink to write the address of a letter and hope that the mailman could deliver it to the right address anyway.
pop3 sounds like ur callin someone but wanna hide the calls from wo/man in middle (i.e. ur wife say).... 
is there a need to say , naughty?...lol, i dont think u can hide IP addresses, but i suppose u can hack into someone elses computer, stick in a trojan, take control of their computer and make calls via that.... how u'd do that i have no idea.... but it should be possible...(disclaimer: i in no way encourage hacking, the above was a joke and is intended as a joke only (and for educational purposes excluding the school of hacking)). :lol:
is there a need to say , naughty?...lol, i dont think u can hide IP addresses, but i suppose u can hack into someone elses computer, stick in a trojan, take control of their computer and make calls via that.... how u'd do that i have no idea.... but it should be possible...(disclaimer: i in no way encourage hacking, the above was a joke and is intended as a joke only (and for educational purposes excluding the school of hacking)). :lol:
In the context of a Skype-to-Skype P2P transmission, I just don't think there is a way to become a man-in-the-middle meaningfully.... with current encryption keys. If a Skype call is routed through another Skype user (a special supernode), then there is a risk (albeit EXTREMELY small)... because one can not be absolutely sure that a special supernode is friendly and uncompromised (with a copy of your Skype). One way to control the risk is to make sure your computer is not behind a firewall that forces Skype to reach you through a special supernode. Perhaps someone with more understanding than I have can address a related question.... can an ISP that manages to get a copy of one's Skype then intercept Skype packets for that Skype user (at a known IP address)?
In the context of SkypeIN/OUT, there is an increased risk of compromise because the part of the call going over PSTN is unencrypted. I would be particularly concerned with the Skype/PSTN interface because that's the obvious place to set up a listening device..... but there is no reason to think that it is any more vulnerable than a regular PSTN call.
Does that help? Note that if Skype were to ever create an enterprise version for use on a corporate server, private encryption would surely be sacrificed. Let's not be surprised to see such a version someday (soon?). Take a look at a thread nearby that concerns a PBX using Asterisk.... a proto enterprise Skype server.
In the context of SkypeIN/OUT, there is an increased risk of compromise because the part of the call going over PSTN is unencrypted. I would be particularly concerned with the Skype/PSTN interface because that's the obvious place to set up a listening device..... but there is no reason to think that it is any more vulnerable than a regular PSTN call.
Does that help? Note that if Skype were to ever create an enterprise version for use on a corporate server, private encryption would surely be sacrificed. Let's not be surprised to see such a version someday (soon?). Take a look at a thread nearby that concerns a PBX using Asterisk.... a proto enterprise Skype server.
[quote=garnet_stone]One way to control the risk is to make sure your computer is not behind a firewall that forces Skype to reach you through a special supernode.[/quote]
This is an absurd thing to suggest. Lets just suggest that people leave their doors unlocked and staple $100 bills to the outside of their shirt pockets.
[quote=garnet_stone]Perhaps someone with more understanding than I have can address a related question.... can an ISP that manages to get a copy of one's Skype then intercept Skype packets for that Skype user (at a known IP address)?[/quote]
Not quite sure what you're asking, but any packets that go through your ISP can most certainly be captured. With relation to Skype, though, this is of little value (providing the encryption is up to snuff which I'm going to assume it is).
[quote=garnet_stone]
In the context of SkypeIN/OUT, there is an increased risk of compromise because the part of the call going over PSTN is unencrypted. I would be particularly concerned with the Skype/PSTN interface because that's the obvious place to set up a listening device..... but there is no reason to think that it is any more vulnerable than a regular PSTN call.
[/quote]
I would agree that this is a bigger risk, but is unrelated to IP addresses. Knowing ones IP address would not help much with capturing PSTN calls. Once its made it that far its no longer on the Internet (as I understand it).
This is an absurd thing to suggest. Lets just suggest that people leave their doors unlocked and staple $100 bills to the outside of their shirt pockets.
[quote=garnet_stone]Perhaps someone with more understanding than I have can address a related question.... can an ISP that manages to get a copy of one's Skype then intercept Skype packets for that Skype user (at a known IP address)?[/quote]
Not quite sure what you're asking, but any packets that go through your ISP can most certainly be captured. With relation to Skype, though, this is of little value (providing the encryption is up to snuff which I'm going to assume it is).
[quote=garnet_stone]
In the context of SkypeIN/OUT, there is an increased risk of compromise because the part of the call going over PSTN is unencrypted. I would be particularly concerned with the Skype/PSTN interface because that's the obvious place to set up a listening device..... but there is no reason to think that it is any more vulnerable than a regular PSTN call.
[/quote]
I would agree that this is a bigger risk, but is unrelated to IP addresses. Knowing ones IP address would not help much with capturing PSTN calls. Once its made it that far its no longer on the Internet (as I understand it).
[quote=granger][quote=garnet_stone]One way to control the risk is to make sure your computer is not behind a firewall that forces Skype to reach you through a special supernode.[/quote]
This is an absurd thing to suggest. Lets just suggest that people leave their doors unlocked and staple $100 bills to the outside of their shirt pockets.[/quote]
I'm afraid you don't quite understand the way a Skype call is set up. On the other hand, perhaps you weren't really trying to say something with technological relevance.
This is an absurd thing to suggest. Lets just suggest that people leave their doors unlocked and staple $100 bills to the outside of their shirt pockets.[/quote]
I'm afraid you don't quite understand the way a Skype call is set up. On the other hand, perhaps you weren't really trying to say something with technological relevance.
[quote=garnet_stone][quote=granger][quote=garnet_stone]One way to control the risk is to make sure your computer is not behind a firewall that forces Skype to reach you through a special supernode.[/quote]
This is an absurd thing to suggest. Lets just suggest that people leave their doors unlocked and staple $100 bills to the outside of their shirt pockets.[/quote]
I'm afraid you don't quite understand the way a Skype call is set up. On the other hand, perhaps you weren't really trying to say something with technological relevance.[/quote]
No I understand completely. It is correct that without a firewall, you will make a direct connection (if possible) and thus reduce the risk of man-in-the-middle. I assure you I understand every bit as well as you how a Skype call is set up.
But you increase your risk to all sorts of other things by disabling your firewall. That was my point that you seemed to miss entirely. You are far better off "risking" the man-in-the-middle attack than disabling your firewall. Firewalls exist for a reason.
The absurdity was suggesting that someone disable a means of security to combat another threat to security. Cutting your nose off and all that.
This is an absurd thing to suggest. Lets just suggest that people leave their doors unlocked and staple $100 bills to the outside of their shirt pockets.[/quote]
I'm afraid you don't quite understand the way a Skype call is set up. On the other hand, perhaps you weren't really trying to say something with technological relevance.[/quote]
No I understand completely. It is correct that without a firewall, you will make a direct connection (if possible) and thus reduce the risk of man-in-the-middle. I assure you I understand every bit as well as you how a Skype call is set up.
But you increase your risk to all sorts of other things by disabling your firewall. That was my point that you seemed to miss entirely. You are far better off "risking" the man-in-the-middle attack than disabling your firewall. Firewalls exist for a reason.
The absurdity was suggesting that someone disable a means of security to combat another threat to security. Cutting your nose off and all that.
[quote=granger]But you increase your risk to all sorts of other things by disabling your firewall. That was my point that you seemed to miss entirely. You are far better off "risking" the man-in-the-middle attack than disabling your firewall. Firewalls exist for a reason.
The absurdity was suggesting that someone disable a means of security to combat another threat to security. Cutting your nose off and all that.[/quote]
OK. Thanks for the clarification, but we agree this is off the topic. There is no security risk persay in opening up a firewall to Skype packets, but there might be if you inadvertantly opened the firewall to other stuff.
The absurdity was suggesting that someone disable a means of security to combat another threat to security. Cutting your nose off and all that.[/quote]
OK. Thanks for the clarification, but we agree this is off the topic. There is no security risk persay in opening up a firewall to Skype packets, but there might be if you inadvertantly opened the firewall to other stuff.
[quote=garnet_stone][quote=granger]But you increase your risk to all sorts of other things by disabling your firewall. That was my point that you seemed to miss entirely. You are far better off "risking" the man-in-the-middle attack than disabling your firewall. Firewalls exist for a reason.
The absurdity was suggesting that someone disable a means of security to combat another threat to security. Cutting your nose off and all that.[/quote]
OK. Thanks for the clarification, but we agree this is off the topic. There is no security risk persay in opening up a firewall to Skype packets, but there might be if you inadvertantly opened the firewall to other stuff.[/quote]
Agreed. Simply opening your firewall on the single port that Skype is listening on would be ok. Perhaps I misunderstood your suggestion.
Skype is an impressive beast in that it doesn't require that you open your firewall to its listening port. The risk of that is just what the original poster mentioned.
Also to address the original poster's point, yes - most definitely a relay in the middle can see your IP address and the IP address of the callee.
At the end of the day, though, I'd say that the chances of falling prey to a man-in-the-middle attack are slim to none. There are likely far easier ways to get to someone than through Skype. Encryption ftw. Yes, you can give up your IP address but if you are properly protected, said party will not be able to get to your IP address to do any damage.
The absurdity was suggesting that someone disable a means of security to combat another threat to security. Cutting your nose off and all that.[/quote]
OK. Thanks for the clarification, but we agree this is off the topic. There is no security risk persay in opening up a firewall to Skype packets, but there might be if you inadvertantly opened the firewall to other stuff.[/quote]
Agreed. Simply opening your firewall on the single port that Skype is listening on would be ok. Perhaps I misunderstood your suggestion.
Skype is an impressive beast in that it doesn't require that you open your firewall to its listening port. The risk of that is just what the original poster mentioned.
Also to address the original poster's point, yes - most definitely a relay in the middle can see your IP address and the IP address of the callee.
At the end of the day, though, I'd say that the chances of falling prey to a man-in-the-middle attack are slim to none. There are likely far easier ways to get to someone than through Skype. Encryption ftw. Yes, you can give up your IP address but if you are properly protected, said party will not be able to get to your IP address to do any damage.
[quote=granger]Also to address the original poster's point, yes - most definitely a relay in the middle can see your IP address and the IP address of the callee.
At the end of the day, though, I'd say that the chances of falling prey to a man-in-the-middle attack are slim to none. There are likely far easier ways to get to someone than through Skype. Encryption ftw. Yes, you can give up your IP address but if you are properly protected, said party will not be able to get to your IP address to do any damage.[/quote]
The man-in-the-middle would need not only to intercept the IP packets but also to have a copy of your Skype (or the relevant part that makes the keys). You fix that by just making sure your computer has not been physically compromised. To sum it up, man-in-the-middle is not really a valid concern in normal Skype-to-Skype calls.
At the end of the day, though, I'd say that the chances of falling prey to a man-in-the-middle attack are slim to none. There are likely far easier ways to get to someone than through Skype. Encryption ftw. Yes, you can give up your IP address but if you are properly protected, said party will not be able to get to your IP address to do any damage.[/quote]
The man-in-the-middle would need not only to intercept the IP packets but also to have a copy of your Skype (or the relevant part that makes the keys). You fix that by just making sure your computer has not been physically compromised. To sum it up, man-in-the-middle is not really a valid concern in normal Skype-to-Skype calls.
[quote=garnet_stone][quote=granger]Also to address the original poster's point, yes - most definitely a relay in the middle can see your IP address and the IP address of the callee.
At the end of the day, though, I'd say that the chances of falling prey to a man-in-the-middle attack are slim to none. There are likely far easier ways to get to someone than through Skype. Encryption ftw. Yes, you can give up your IP address but if you are properly protected, said party will not be able to get to your IP address to do any damage.[/quote]
The man-in-the-middle would need not only to intercept the IP packets but also to have a copy of your Skype (or the relevant part that makes the keys). You fix that by just making sure your computer has not been physically compromised. To sum it up, man-in-the-middle is not really a valid concern in normal Skype-to-Skype calls.[/quote]
Indeed.
So to sum it all up for the original poster:
Yes your IP addresses can be viewed and captured by a potential relay.
Yes you can mitigate this by opening a port on your firewall.
No you cannot see the data within the packets without a herculean feat of capturing session keys.
No this isn't a real threat to worry about. I would change nothing and just know that your IP address is out there for people to see. With proper firewalling and Natting it is nothing at all to worry about.
At the end of the day, though, I'd say that the chances of falling prey to a man-in-the-middle attack are slim to none. There are likely far easier ways to get to someone than through Skype. Encryption ftw. Yes, you can give up your IP address but if you are properly protected, said party will not be able to get to your IP address to do any damage.[/quote]
The man-in-the-middle would need not only to intercept the IP packets but also to have a copy of your Skype (or the relevant part that makes the keys). You fix that by just making sure your computer has not been physically compromised. To sum it up, man-in-the-middle is not really a valid concern in normal Skype-to-Skype calls.[/quote]
Indeed.
So to sum it all up for the original poster:
Yes your IP addresses can be viewed and captured by a potential relay.
Yes you can mitigate this by opening a port on your firewall.
No you cannot see the data within the packets without a herculean feat of capturing session keys.
No this isn't a real threat to worry about. I would change nothing and just know that your IP address is out there for people to see. With proper firewalling and Natting it is nothing at all to worry about.
[quote=granger]Indeed.
So to sum it all up for the original poster:
Yes your IP addresses can be viewed and captured by a potential relay.
Yes you can mitigate this by opening a port on your firewall.
No you cannot see the data within the packets without a herculean feat of capturing session keys.
No this isn't a real threat to worry about. I would change nothing and just know that your IP address is out there for people to see. With proper firewalling and Natting it is nothing at all to worry about.[/quote]
There, now wasn't that fun! We both must have had a pleasant Christmas.
So to sum it all up for the original poster:
Yes your IP addresses can be viewed and captured by a potential relay.
Yes you can mitigate this by opening a port on your firewall.
No you cannot see the data within the packets without a herculean feat of capturing session keys.
No this isn't a real threat to worry about. I would change nothing and just know that your IP address is out there for people to see. With proper firewalling and Natting it is nothing at all to worry about.[/quote]
There, now wasn't that fun! We both must have had a pleasant Christmas.
[quote=garnet_stone]There, now wasn't that fun! We both must have had a pleasant Christmas.[/quote]
I do try to be a good girl every now and again.
Merry Christmas, garnet!
I do try to be a good girl every now and again.
Merry Christmas, garnet!
Merry (next?) Christmas all indeed. Nice discussion and all correct.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.