Hey Greg, I found this article which should help a bit.
http://www.net- security.org/dl/articles/Blocking_Skype.pdf#search=%22net%20squid%20skyp e%20blocking%22 Rudi -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Armer Sent: 11 September 2006 01:35 PM To: freebsd-pf@freebsd.org Subject: Block Skype with PF Good day list, I was just wondering if any of you have a running 'receipe' using PF that can block Skype. What I have found out is the following: - Skype picks a random port to use when it is installed - It can switch over to port 80 / 443 if a firewall is too restrictive - It appears UDP ports above 1024 are used aswell So what I was thinking of doing is blocking all outgoing UDP above port 1024, and trying to identify and block the port 80 / 442 traffic with squid and a transparent proxy. Does anyone have any better solutions to this which do not involve expensive layer 7 inspection hardware ? Many thanks for your comments / ideas. Regards, -- Greg Armer _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
