11:58 Torrent Skype and security | |
Disclaimer: All the reasons mentioned below - my personal thoughts, not their aim to discredit the mentioned systems and their manufacturers. His short about myself: I am engaged in network security. 8 years. Specialize in cisco (CCIE Security). I'm very cautious attitude to both systems (Torrent, Skype). But still could not articulate what I do not like. And now I try whenever possible to objectively tell you what worries me. But first, let me remind the distinguished habrachitatelyam that a botnet, what it eats and why it is so dangerous. Botnets - the union razrozennyh computers under a malicious control. Botnets are divided into active and passive. Computers in the active botnet know them remotely controlled. In passive - no. How do computers come in a botnet? Usually used for this purpose Trojans (installed on one computer, and you put in parallel unordered), sent with the mail worms (self-propagating malicious code on a network), self-running program on the flash drive and etc. The main task - to establish a computer program that will "knock" (trying to connect) from inside the firewall to hosts outside control (call-home). Once the infected computer dostukivaetsya to the management server, according to the session they can poupravlyat. Attempts to connect are made, usually on the name (s), and these names to dynamically change DNSe every day. And ports of these applications (Sobakin kids!) Choose different, random in the hope that they are open on the firewall. And why are they dangerous? Good yes botnet in the capable hands - the most powerful weapon for proivedeniya distributed denial of service (DDoS), spam and other attacks. Against DDoS no effective weapons (channel, "shut up" by the provider, the client "dig up" well, can not). Do you want to be part of a botnet? And now some facts about the torrent: 1. Torrents (many clients) can connect to many ports 2. Torrents use a lot of addresses at which registered 3. You yourself are putting the client initiate the connection from the screen mezhsetevgo 4. Activities at the pumping (when traffic is taken away from the client) can easily hide any of the client and about Skype: 1. When you install Skype all receive a certificate, signed by the Skype server 2. When adding a new subscriber is added to the certificate 3. When connecting to a server, all traffic is encrypted certificate (public key) server. I tried it a week ago zafiltrovat with cisco IPS and was humiliated: (old (unencrypted) version of the IPS to filter templates. 4. Skype can cling (for unknown locations and unknown ports) to different servers 5 . Session Skype (service) is not being tracked, as well as spoken, for encrypted ... What am I to conclude from this? And the fact that both services from a network point of view is painfully reminiscent of the botnet ... I have one of anything does not discourage. Not only that, I admit that Skype - simple and ingenious piece combining the some simple and clever ideas (encryption, certificates for automatic trust, "paranoid" brute-force connection, the discovery of two sessions of 2 clients inside firewalls). and convenient for the user. But it is - a headache bezopasnikov, if you need to close. And the engine, I think, is useful for many (though IMHO its influence and popularity of the much hyped and I was not very clear) ... Only one but: I personally do not believe that at one time neprekrasny millions of computer users popular services will not turn into one huge botnet, from which will not be enough to save ... "upgrade." I was very glad to be wrong. disprove my words. And you can call me paranoid and alarmist:) Regards, Sergei Fedorov | |
|
Total comments: 0 | |