Skype - impossible to block…

unguzov · Sep 12, 2012, 12:12 PM

I have a problem with Skype blocking. In pfSense 1.2.3 this was possible with Snort, now in 2.0.1 it does not work.
Snort detects Skype login and block destination IP, but it is too late, Skype can login just fine:

Blocked
78.141.179.13
PUA-P2P Skype client login startup - 09/12-14:10:00
PUA-P2P Skype client login - 09/12-14:10:00

Blocked
78.141.179.17
PUA-P2P Skype client login startup - 09/12-14:32:15
PUA-P2P Skype client login - 09/12-14:32:15

Blocked
78.141.179.11
PUA-P2P Skype client login startup - 09/12-14:41:58
PUA-P2P Skype client login - 09/12-14:41:59

If I set Snort to block src and dst IP it works, but all traffic from workstation with skype is blocked and this is not a good idea. Layer 7 rule do not work too.

Can someone help me with this problem?

marcelloc · Sep 12, 2012, 3:03 PM

On my tests, block 443 worked fine.

Fesoj · Sep 15, 2012, 5:33 AM

I have a problem with Skype blocking.

I don't and I am using pfSense 2.0.1 and Snort 2.9.2.3 pkg v. 2.5.1. Either you enable the rules in pua-p2p, or use the default ET set of rules.