There is a popular belief that Skype client is very hard to block on the network layer, due to it’s Peer-To-Peer behavior and usage of HTTP/S ports.
However at present time (December, 2012) Skype client connections can be blocked pretty simply by a few firewall rules.
After startup, Skype client receives a number of it’s master (login?) servers – dsnX.d.skype.net. Currently there are 16 DNS entries from dsn0.d.skype.net to dsn16.dsn.skype.net.
Using simple bash script (uses Linux DNS utility – dig) we can get most of these server’s IP addresses:
[code]
for i in {0..20} ; do dig +short dsn$i.d.skype.net; done | sort | uniq
[/code]
Just block all access to following networks and Skype client won’t be able to authenticate and connect.
111.221.74.0/24
111.221.77.0/24
157.55.130.0/24
157.55.235.0/24
157.55.56.0/24
157.56.52.0/24
213.199.179.0/24
64.4.23.0/24
65.55.223.0/24
For Linux router, with IPtables firewall, you may use following command:
[code]
for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A OUTPUT -d $ip -j DROP; done
[/code]
i am using nokia 6680.i can’t access skype it always tell me skype coundn’t connect to skype server.please help.
Thank you very much, it works well, now I am able to block skype from my network
Hi
Could you update current skype network list as of october 2013 pls.
Reg
Boopathy
The list is still actual for current date of December 2013.
I just used ping to get the current list on a windows machine and put the values into a spreadsheet for my own reference. I could list all of the addresses but what is important is the networks so here they are.
64.4.23.0/24
65.55.223.0/24
157.55.235.0/24
157.56.52.0/24
If you want a comma delimited list of the actual IP addresses, email me and I will send you a list. Or you could just ping each one like I did.
Thanks,
Would you be so kind to send me that comma delimited list?
Thank you!
Pingback: WiFi bei AB kommt - Seite 2
Still able to connect with skype after entering these in filter. any other ideas? This didnt seem to work. Blocks web site but not the program.
Genius
#With these iptables rules skype will not be able to connect to it’s host servers, preventing the annoying neighbor from making skype calls at 3 A.M.
#Output chain does not affect skype.
for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A OUTPUT -d $ip -j DROP; done
#Input chain must be the reason it does not connect.
for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A INPUT -d $ip -j DROP; done
#Not tested.
for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A FORWARD -d $ip -j DROP; done
#Not tested.
for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A FIREWALL -d $ip -j DROP; done
#To delete these rules just use ‘-D’ (delete) instead of -‘A’ (append) in all the chains
I use an *.sh script that applies the rules after midnight and deletes them at 9:00 in the morning.
The question is which IP subnet is the instant Messenger for group chat?
I guess I can systematically test each subnet.
why ..do iptables -A OUTPUT -d.. and not -I FORWARD?
Hi, Im trying to ALLOW only skype, do u have an updated list of servers??
I want to ensure Skype connection is stable, as I am getting a lot of complaints about Skype connectivity. it is getting disconnected frequently.
Could you update current skype network list as for Sep 2016??
thanks
Could you update current skype network list as for Sep 2016??
thanks
Hi,
Please… Would somebody tell me the networks list to allow Skype?
Thanks,
new subnet is:
64.4.0.0/18
65.52.0.0/14
111.221.64.0/18
157.55.0.0/16
157.56.0.0/16
This subnet is also used by skype
23.96.0.0/13
131.253.128.0/17, 131.253.62.0/23, 131.253.61.0/24, 131.253.64.0/18