how to block skype on SRX

To test how the SRX blocks Skype logins, I did the following test and it worked:

1) Create a test IDP policy named My_Policy

One thing I have noticed is that if you don't use ip-block as the ip-action, IDP triggers the close-client event but the login is still successful.

2) Apply the policy as active

3) Use it in a security policy

4) Enable logging to see what is going on

5) Commit the config and check policy compilation:

6) Once the compilation is completed, try to log in to Skype and watch the logs. You must see something similar to the below:

7) You can also see which IP addresses are blocked:

Below are my system details if you want to compare:

root@ankara> show version
Hostname: ankara
Model: srx100h
JUNOS Software Release [10.4R7.5]

root@ankara> show security idp security-package-version
Attack database version:2053(Tue Dec 27 14:15:02 2011)
Detector version :11.6.160110920
Policy template version :2053
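
A check for steps 6 and 7, as an added example that is not part of the original post: it parses saved output of `show security idp attack table` and `show security flow ip-action` (the two commands quoted in the comments below) and reports whether Skype signatures fired and whether an ip-action drop entry was actually installed, the case noted under step 1. The function names and the sample outputs are constructed for illustration.

```python
import re

SKYPE_PREFIX = "VOIP:SKYPE:"
IP_ACTION_COLS = ("src", "sport", "dst", "dport_proto", "timeout", "zone", "action")

def parse_attack_table(text):
    """Map attack name -> hit count from 'show security idp attack table' output."""
    hits = {}
    for line in text.splitlines():
        # Data rows look like "VOIP:SKYPE:PROBE-1 1"; header lines do not match.
        m = re.match(r"\s*([A-Z0-9][A-Z0-9:_-]+)\s+(\d+)\s*$", line)
        if m:
            hits[m.group(1)] = int(m.group(2))
    return hits

def parse_ip_action(text):
    """Return the rows of 'show security flow ip-action' output as dicts."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == len(IP_ACTION_COLS) and fields[0] != "Src-Addr":
            rows.append(dict(zip(IP_ACTION_COLS, fields)))
    return rows

def assess(attack_text, ip_action_text):
    """Classify the result of a Skype login test from the two outputs."""
    skype_hits = {n: c for n, c in parse_attack_table(attack_text).items()
                  if n.startswith(SKYPE_PREFIX) and c > 0}
    drops = [r for r in parse_ip_action(ip_action_text) if r["action"] == "drop"]
    if not skype_hits:
        verdict = "not-detected"
    elif not drops:
        # Signatures fired but nothing was installed in the ip-action table.
        verdict = "detected-no-ip-block"
    else:
        verdict = "detected-ip-blocked"
    blocked = sorted({r[k] for r in drops for k in ("src", "dst") if r[k] != "*"})
    return {"verdict": verdict, "hits": skype_hits, "blocked": blocked}

# Constructed sample outputs (not captured from a real device).
SAMPLE_ATTACKS = """IDP attack statistics:

Attack name #Hits
VOIP:SKYPE:LOGIN 2
VOIP:SKYPE:VERSION-CHECK 1
"""
SAMPLE_IP_ACTION = """Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action
* * 203.0.113.10 */* never * drop
"""

if __name__ == "__main__":
    print(assess(SAMPLE_ATTACKS, SAMPLE_IP_ACTION))
    print(assess(SAMPLE_ATTACKS, ""))
```

A "detected-no-ip-block" verdict means signatures matched but the ip-action table holds no drop entry for the test.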

4 thoughts on “how to block skype on SRX”

  1. Gospode Dzem

    Sir,
    I still cannot block Skype. It is only possible to detect version check attack.
    Attack name #Hits
    VOIP:SKYPE:VERSION-CHECK 1
    Can you help me with this problem?
    Thank you sir!

  2. Sir Casters

    Good Sir,
    Predefined attacks VOIP:SKYPE:LOGIN VOIP:SKYPE:PROBE-1 cannot detect my Skype login. Could you help me with this issue?

    Thank you in advance!

  3. Sir Casters

    Yes. When I type “run show security idp attack table”, in the table there is only VOIP:SKYPE:PROBE-1 matched.
    # run show security idp attack table
    IDP attack statistics:

    Attack name #Hits
    VOIP:SKYPE:PROBE-1 1
    Here is the part of configuration:

    rule BLOCK-SKYPE {
        match {
            from-zone PCs;
            to-zone INTERNET;
            application default;
            attacks {
                predefined-attacks [ VOIP:SKYPE:CONNECTION VOIP:SKYPE:INSTALL VOIP:SKYPE:LOGIN VOIP:SKYPE:PROBE-1 VOIP:SKYPE:VERSION-CHECK ];
            }
        }
        then {
            action {
                close-client;
            }
            ip-action {
                ip-block;
                target destination-address;
            }
        }
    }

    There is one IP address blocked, but Skype works quite fine.
    # run show security flow ip-action
    Src-Addr Src-Port Dst-Addr Dst-Port/Proto Timeout(sec) Zone Action
    * * 149.5.45.166 */* never * drop

    Thank you.

    P.S.
    Your blog is great. We have found many useful things reading it.
