LinuxQuestions.org
Old 11-03-2011, 07:09 PM   #1
entz
Member
 
Registered: Mar 2007
Location: Milky Way , Planet Earth!
Distribution: Opensuse
Posts: 453
Blog Entries: 3

Rep: Reputation: 40
Skype Network Security


hello,

i'm well aware of skype's excellent performance when it comes to encrypting communications end-to-end , but i'm not sure about the anonymity of skype.

what i mean by that, does skype establish communications from one end of the conversation to another directly in a pure peer2peer fashion or does skype pass the traffic through third party nodes in order to hide both parties ip's from each other (as is the case in tor) ?

this is very important !

cheers
 
Old 11-03-2011, 08:22 PM   #2
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,884
Blog Entries: 28

Rep: Reputation: 533
Skype Security - protecting your security and privacy - http://www.skype.com/intl/en-us/secu...urity-privacy/
 
Old 11-03-2011, 08:29 PM   #3
entz
Member
 
Registered: Mar 2007
Location: Milky Way , Planet Earth!
Distribution: Opensuse
Posts: 453

Original Poster
Blog Entries: 3

Rep: Reputation: 40
okay ,

any way to determine whether you're communicating through a third party or directly to the other party during a skype conversation?
 
Old 11-03-2011, 08:35 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by entz View Post
does skype pass the traffic through third party nodes
AFAIK it does but for reasons of connectivity.


Quote:
Originally Posted by entz View Post
i'm not sure about the anonymity of skype.
Why would you not be? Skype was never marketed as such: SecurityFocus (2005), schneier (2006), hermann-uwe (2006).


Quote:
Originally Posted by entz View Post
any way to determine whether you're communicating through a third party or directly to the other party during a skype conversation?
If you know the remote IP address of the caller, then on establishing a connection the network connection table for the process should not show different IP addresses?
 
Old 11-03-2011, 08:49 PM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Rep: Reputation: 3938
The most reasonable assumption, in these days and times, is that everything you say or do on the Internet is being intercepted and recorded and will be preserved for all time. Even though Skype encrypts communication along the network, you should assume as a matter of course that "you are being watched" ... in everything you casually say to your "friends" on Facebook; in everything you e-mail or chat; in every word you say on a cell-phone or Internet phone.

Ahem... "Why?"

Simple: (a) because it is technically possible, and (b) because there are billions of dollars in public money to be "earned" by doing it. Thousands of high-capacity disk drives to be sold to Governments, only to be locked away in deep mountains, but sold, nonetheless. And so on.

And no ... believe it or not ... this is not a "political rant." We live in a very paranoid world right now, and there is very good money to be made for a few people from selling paranoia. I think that, while it is perfectly desirable to hope that the world will not continue to be this way, it is pragmatic to realize that for the moment at least ... it is.

Right now, as I said, you can make billions of dollars in a very short time by persuading some government operative (knowing that he or she simply wants to cover his or her own asterisk ...) that "an unspecified threat" lurks behind each and every mushroom, and that a massive purchase of high technology will enable the collection of enough information (ostensibly...) that, no matter what, the aforesaid government operative will be able to be certain that, should anything bad ever actually happen, their butt was covered, by gawd.

Last edited by sundialsvcs; 11-03-2011 at 08:54 PM.
 
Old 11-04-2011, 03:14 AM   #6
gradinaruvasile
Member
 
Registered: Apr 2010
Location: Cluj, Romania
Distribution: Debian Testing
Posts: 731

Rep: Reputation: 158
Skype network theoretically uses nodes for relaying data. Nodes are ordinary computers dynamically "elected" by the network because they have good network connectivity or such. This means that fewer servers are needed by Skype.
Most communications (voice, video etc) go through 3rd parties because of this. Theoretically the voice/video connections between 2 Skype computers are routed via the best possible route (least latency etc) and are peer-to-peer without going through servers.
Now, all the communications in the Skype network are encrypted quite well and the nodes don't even know that they are relaying. Cracking the encryption used in Skype is very hard from outside.

BUT: Given the closed nature of the Skype network (the specs are not disclosed, although some hackers played around with them and they managed to map up certain aspects) there is no knowing if they have the ability to listen to all communications (which I suspect they have) - maybe not all the time to prevent overloading the servers, but on a "want to know" basis they probably can listen/see. They just have to instruct the nodes to forward the streams used by user x and y to the listening server.

The text chat IS stored on servers (maybe the files too). This is right in their EULA. The reason is to have the ability to send the message if the receiver is not signed in when it was sent to it (and probably other non-disclosed reasons such as storage/analysis by law enforcement). And if I remember right, the EULA also says that they are complying with the laws - so look up what is in the US laws, but I'm pretty much sure they must have the ability to give anything that goes on in their network to law enforcement (or other agencies).

Anyway if you really want (the best available) privacy, use direct peer-to-peer encrypted connection (openvpn + other tools such as ssh and/or stunnel with private keys+password coupled with voice/video clients that use on-the-fly srtp/zrtp voice encryption or even better, certificate-based encryption and OTR text encryption such as Jitsi). Now nothing is guaranteed to be 100% secure, but if you use all those layers of protection, it is very difficult to decipher it.

PS If you use Skype via Pidgin on both sides (Pidgin has Skype plugin, but Skype is needed to work), you can use Pidgin's OTR plugin to send encrypted text to each other via the Skype network.

Last edited by gradinaruvasile; 11-04-2011 at 03:15 AM.
 
Old 11-04-2011, 07:25 AM   #7
entz
Member
 
Registered: Mar 2007
Location: Milky Way , Planet Earth!
Distribution: Opensuse
Posts: 453

Original Poster
Blog Entries: 3

Rep: Reputation: 40
Quote:
Originally Posted by unSpawn View Post
If you know the remote IP address of the caller, then on establishing a connection the network connection table for the process should not show different IP addresses?
well i don't know the remote IP for that , besides doing netstat won't necessarily catch anything because connections are being opened and closed very fast.
what i need is a method or command that can dump/log all net traffic similarly to wireshark but on a process ID/name basis !

Quote:
Originally Posted by sundialsvcs
the most reasonable assumption, in these days and times, is that everything you say or do on the Internet is being intercepted... We live in a very paranoid
It's a known fact that .50BMG rounds will penetrate personal bulletproof vests worn by cops and soldiers , yet they still wear them because it tremendously reduces the risk of death despite the fact that no armor is "bulletproof"!

the bottom line is that security measures are undertaken and planned based on the relevant threat that is facing you and not on ALL imaginable ones !!
so back to the topic , when i asked this question about skype i was thinking about a very particular risk , namely that of the other party ID'ing me.

cheers
 
Old 11-05-2011, 06:58 AM   #8
entz
Member
 
Registered: Mar 2007
Location: Milky Way , Planet Earth!
Distribution: Opensuse
Posts: 453

Original Poster
Blog Entries: 3

Rep: Reputation: 40
Log Network Traffic on a process basis

hello,

i need something like wireshark that can dump all packets and list them according to the processes that either sent or received them.

cheers
 
Old 11-06-2011, 09:58 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by entz View Post
dump all packets and list them according to the processes that either sent or received them.
No, packet capturing doesn't work at the process level. Sure it can be done but it'll take correlation though. Netfilter provides targets like ULOG / NFLOG and NFQUEUE to copy packets which userland apps can read and store. The benefit here is that Netfilter can classify traffic based on criteria (example: http://wiki.wireshark.org/CaptureSetup/NFLOG) that tshark / tcpdump can not which may make things less difficult. Your approach and what correlation you need (Auditd, Atop, strace, kprobes, inotify, whatever else you can think of) depends on what you're looking for. So please first elaborate and be as verbose and complete as possible.
 
Old 11-07-2011, 04:05 AM   #10
entz
Member
 
Registered: Mar 2007
Location: Milky Way , Planet Earth!
Distribution: Opensuse
Posts: 453

Original Poster
Blog Entries: 3

Rep: Reputation: 40
Quote:
Originally Posted by unSpawn View Post
So please first elaborate and be as verbose and complete as possible.
well i'm trying to capture all traffic that originates from a particular process that's it !
 
Old 11-08-2011, 04:29 PM   #11
entz
Member
 
Registered: Mar 2007
Location: Milky Way , Planet Earth!
Distribution: Opensuse
Posts: 453

Original Poster
Blog Entries: 3

Rep: Reputation: 40
hello , i still need help with this , any takers ?
what i need is something runnable instead of vague instructions .

thanks

Last edited by entz; 11-08-2011 at 04:30 PM.
 
Old 11-08-2011, 04:41 PM   #12
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900

Rep: Reputation: 637
Quote:
Originally Posted by entz View Post
hello , i still need help with this , any takers ?
what i need is something runnable instead of vague instructions .

thanks
I think the problem here is your requirements and what you are actually telling us. You see you don't want vague instructions yet you are being vague about your requirements. How can anyone possibly be of any reasonable help in this scenario? So as unSpawn said
Quote:
Originally Posted by unSpawn
So please first elaborate and be as verbose and complete as possible.
so you may actually get the assistance you seem to want.

btw I doubt I'd have any answers but I am interested in this so I'll watch this space.
 
Old 11-08-2011, 05:22 PM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by entz View Post
what i need is something runnable instead of vague instructions.
Did you not even read the NFLOG link I posted? Nothing vague about those instructions. Just ensure the UID only runs Skype and nothing else or add rules to counter that.
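
The per-UID NFLOG capture described in posts #9 and #13, as an added example that is not part of unSpawn's post or of the linked wiki page. It assumes a dedicated account named skypecap that runs only Skype, NFLOG group 30, connection mark 1 and the pcap file name, all of which are placeholders; the sample used to check `remote_peers` would be constructed tcpdump text.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: account "skypecap" that
# runs only Skype, NFLOG group 30, connection mark 1, pcap file name.
CAP_USER="${CAP_USER:-skypecap}"
GROUP="${GROUP:-30}"
MARK=1

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print the three iptables rules for action -A (add) or -D (delete).
# The owner match only sees locally generated packets, so the connection is
# marked in OUTPUT and both directions are then logged by connmark. The first
# packet of a connection opened by the remote side is therefore not logged.
nflog_rules() {
    action=$1; uid=$2; group=$3
    case "$action" in -A|-D) ;; *) echo "action must be -A or -D" >&2; return 1 ;; esac
    is_num "$uid" || { echo "uid must be numeric" >&2; return 1; }
    is_num "$group" && [ "$group" -le 65535 ] ||
        { echo "NFLOG group must be 0-65535" >&2; return 1; }
    echo "iptables $action OUTPUT -m owner --uid-owner $uid -j CONNMARK --set-mark $MARK"
    echo "iptables $action INPUT -m connmark --mark $MARK -j NFLOG --nflog-group $group"
    echo "iptables $action OUTPUT -m connmark --mark $MARK -j NFLOG --nflog-group $group"
}

# Read `tcpdump -nn` text on stdin and print "packets address" for every
# remote IPv4 TCP/UDP endpoint, busiest first. $1 is the local address.
remote_peers() {
    awk -v me="$1" '$2 == "IP" && split($3, a, ".") == 5 {
        src = $3; dst = $5
        sub(/:$/, "", dst)
        sub(/\.[0-9]+$/, "", src); sub(/\.[0-9]+$/, "", dst)
        peer = (src == me) ? dst : src
        n[peer]++
    } END { for (p in n) print n[p], p }' | sort -rn
}

# Usage (as root): script start | stop | peers FILE LOCAL_IP
case "${1:-}" in
    start) uid=$(id -u "$CAP_USER") && rules=$(nflog_rules -A "$uid" "$GROUP") &&
           echo "$rules" | sh -e &&
           exec tcpdump -nn -i "nflog:$GROUP" -w "uid-$uid.pcap" ;;
    stop)  uid=$(id -u "$CAP_USER") && rules=$(nflog_rules -D "$uid" "$GROUP") &&
           echo "$rules" | sh -e ;;
    peers) tcpdump -nn -r "$2" | remote_peers "$3" ;;
esac
```

The rules cover IPv4 only; IPv6 traffic needs the same three rules in ip6tables. If the other party's known address is missing from the `peers` output for a call, the traffic did not go to that address directly.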
 
Old 11-09-2011, 05:14 AM   #14
jantanik
LQ Newbie
 
Registered: Aug 2011
Posts: 8

Rep: Reputation: Disabled
Good post! While reviewing the post I came to know about some good aspects and knowledge about Skype security. I gathered good knowledge from this post. I would like to thank you all for sharing your most valuable postings.
 
Old 11-09-2011, 01:53 PM   #15
entz
Member
 
Registered: Mar 2007
Location: Milky Way , Planet Earth!
Distribution: Opensuse
Posts: 453

Original Poster
Blog Entries: 3

Rep: Reputation: 40
Quote:
Originally Posted by unSpawn View Post
Did you not even read the NFLOG link I posted? Nothing vague about those instructions. Just ensure the UID only runs Skype and nothing else or add rules to counter that.
oops my bad , thanks for sharing

cheers
 
  

