A warning to Skype users
3 months ago
I had a bit of a security scare this morning when checking my router logs.
Basically, I saw a lot of unknown traffic, including lots of incoming connections to Port 58741 from addresses located all over the place, including from the Ukraine, Germany, Poland and Spain.
There were no other incoming connections other than those going to Port 58741.
Interestingly, I could also test a connection to that port via a browser via http and it worked (going to a blank text page), using my external IP Address followed by :58741
When I used custom port scans from external sites, it showed that port as open for tcp traffic. For example, this probe:
https://www.grc.com/x/portprobe=58741
Surrounding ports appeared to be closed using user defined custom scans. See a screen capture showing results of a scan like that here:
http://dl.dropbox.com/u/4536228/port_scan1.jpeg
Again, I had no ports forwarded from my router, yet I could connect to a blank text page using my external IP Address followed by :58741
This behavior was confirmed by others when I asked about it in networking specific forums, and the consensus was that some type of malware was probably running on my network that was able to allow connections to that port, even though port forwarding in my router was disabled.
I finally found the culprit by testing all internal addresses (versus my external IP address) using that port, finding that I was able to connect to my wife's laptop (using http://192.168.1.104:58741 since the router's DHCP server had assigned 192.168.1.104 to it).
I checked to see what was running on it and Skype was the culprit. Closing Skype solved it, and external scans then showed port 58741 as closed.
I had installed Skype on her laptop (running Mepis, a linux distro using a Debian Squeeze/Stable base) in December, so she could use it for video chats with family members. I bought her a Logitech Webcam then as a Birthday present.
But, apparently, Skype may use a small percentage of computers running it as "SuperNodes" to help route traffic, and she's been leaving her laptop on 24x7 with Skype running, which probably made it a good candidate for that purpose.
You'll see more about Skype SuperNodes if you read pages 8, 9, and 10 in the Skype "Guide for Network Administrators" referenced on this wikipedia page, as it goes into more detail about it (see the .pdf linked to via reference 12):
https://en.wikipedia.org/wiki/Skype_...ote-max2006-12
Apparently, there are ways to prevent a skype client from being used that way (google is your friend).
Anyway, seeing that traffic in my router logs was just a bit unnerving, and I was getting ready to use Packet Sniffers (Wireshark, etc.) before identifying the culprit as Skype, as I strongly suspected a router firmware bug or malware running as the problem, despite my best efforts at being very careful about security.
In any event, just a friendly warning/notice to Skype users, that it may try to use a computer running Skype as a SuperNode, increasing your network traffic.
So, if you see any odd traffic in your router logs, check to see if Skype is the culprit before jumping to other conclusions.
Fun.
--
JimC
------
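Added example, not part of the original post: once the LAN host answering on the port is known, the owning process can be found on a Linux machine by reading `/proc/net/tcp` for LISTEN sockets and matching the socket inode against each process's open file descriptors. The function names and the `SAMPLE` table are constructed for illustration, and the address decoding assumes a little-endian host such as x86.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from the post's machine).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:E575 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40321 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11877 1 0000000000000000 100 0 0 10 0
   2: 6801A8C0:E575 0A00020F:C3D2 01 00000000:00000000 00:00000000 00000000  1000        0 40390 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp

def listeners(table):
    """Return (ip, port, inode) for each LISTEN socket in a /proc/net/tcp dump."""
    found = []
    for line in table.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = cols[1].split(":")
        # The IPv4 address is a hex word in host byte order (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(port_hex, 16), int(cols[9])))
    return found

def owners(inode, proc="/proc"):
    """Return (pid, name) for processes holding the socket with this inode."""
    target = "socket:[%d]" % inode
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
            if target in links:
                with open(os.path.join(proc, pid, "comm")) as f:
                    hits.append((int(pid), f.read().strip()))
        except OSError:
            continue  # process exited, or its fds are not readable without root
    return hits

def exposed(table, port):
    """Listeners on `port` that are not bound to loopback only."""
    return [l for l in listeners(table) if l[1] == port and not l[0].startswith("127.")]

if __name__ == "__main__":
    for ip, port, inode in exposed(SAMPLE, 58741):
        print(ip, port, inode, owners(inode))
```

On a live machine, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; run it as root so sockets owned by other users' processes can be resolved.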