Skype (Mac) – how not to be a supernode

Posted on September 5, 2008 by visibleprocrastinations

I have re-visited Skype on OSX and get a strong indication that we will not be seeing Skype v.3 on OS X in the near future.

After chasing multiple sources (mainly based on reverse engineering the Skpe clients) I have reached a conclusion that the supernode function is not enabled in either the OS X or the Linux clients, and that this is further protected by using port 35502 for incoming connections and not using port 80 and 443 as alternatives for incoming connections in case it was introduced in a later patch.

=== begin control details ===

Installation Details:
These computer are running OSX.3 and OSX.4 (not OSX.5 at this stage)

Bandwidth management measures:

  1. Skype will only be started for pre-arranged calls and to shut it down when it is not being used.

    Stop autostart: via Mac’s System Preferences, select Accounts. Select the user account, then choose Login Items. Locate Skype in the list, highlight Skype then click on the ‘minus’ symbol beneath the list. Don’t simply untick it; REMOVE it.
  2. “supernode disabled” — as we are on OSX the registry fix is unavailable; 3rd party evidence suggests that the supernode function is only enabled in the Windows client.
  3. Skype usage will be monitored using our K2 licencing keyserver application.
  4. Network traffic from this computer will also be monitored.
  5. Use port 35502 for incoming connections;

    DO NOT use port 80 and 443 as alternatives for incoming connections.

=== end control details ===

This entry was posted in skype. Bookmark the permalink.

9 Responses to Skype (Mac) – how not to be a supernode

  1. Pingback: Best Practices for Skype Users « Visible Procrastinations

  2. vasiliadi says:
    October 15, 2009 at 8:20 pm

    Why only port 35502? Not 24312 for example?

    Reply

  3. Pingback: Отключаем Supernode в Skype | Danik.info

  4. domax says:
    October 17, 2009 at 3:20 am

    I am a linux user, but I know Mac has very similar functionality around firewall rules. So, if you know port number for incoming p2p connections then you can protect your host like this (I use here iptables as FW ruler just because I know it and I demonstrate idea):

    iptables -A INPUT -j FW-INPUT
    iptables -A FORWARD -j FW-INPUT
    iptables -A FW-INPUT -i lo -j ACCEPT
    iptables -A FW-INPUT -p icmp –icmp-type any -j ACCEPT
    # This record allows all outgoing connections even prohibited Skype’s p2p one:
    iptables -A FW-INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
    # Now we are prohibiting Skype’s p2p port:
    iptables -A FW-INPUT -m state –state NEW -m tcp -p tcp –dport 35502 -j REJECT –reject-with icmp-host-prohibited
    # All another connections are accepted:
    iptables -A FW-INPUT -j ACCEPT

    What do U think?

    Reply

  5. Pingback: Отключаем Supernode в Skype | FUTUROPEDIA blog: "Изменим Будущее Сегодня"

  6. Pingback: Skype (Mac) – how not to be a supernode, still no solution « Visible Procrastinations

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.