Block Skype connections

There is a popular belief that Skype client is very hard to block on the network layer, due to it’s Peer-To-Peer behavior and usage of HTTP/S ports.

Block Skype client

However at present time (December, 2012) Skype client connections can be blocked pretty simply by a few firewall rules.
After startup, Skype client receives a number of it’s master (login?) servers – dsnX.d.skype.net. Currently there are 16 DNS entries from dsn0.d.skype.net to dsn16.dsn.skype.net.

Using simple bash script (uses Linux DNS utility – dig) we can get most of these server’s IP addresses:

[code]
for i in {0..20} ; do dig +short dsn$i.d.skype.net; done | sort | uniq
[/code]

Just block all access to following networks and Skype client won’t be able to authenticate and connect.

111.221.74.0/24
111.221.77.0/24
157.55.130.0/24
157.55.235.0/24
157.55.56.0/24
157.56.52.0/24
213.199.179.0/24
64.4.23.0/24
65.55.223.0/24

For Linux router, with IPtables firewall, you may use following command:

[code]
for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A OUTPUT -d $ip -j DROP; done
[/code]

20 thoughts on “Block Skype connections

  1. i am using nokia 6680.i can’t access skype it always tell me skype coundn’t connect to skype server.please help.

  2. I just used ping to get the current list on a windows machine and put the values into a spreadsheet for my own reference. I could list all of the addresses but what is important is the networks so here they are.

    64.4.23.0/24
    65.55.223.0/24
    157.55.235.0/24
    157.56.52.0/24

    If you want a comma delimited list of the actual IP addresses, email me and I will send you a list. Or you could just ping each one like I did.

    Thanks,

  3. Pingback: WiFi bei AB kommt - Seite 2

  4. Still able to connect with skype after entering these in filter. any other ideas? This didnt seem to work. Blocks web site but not the program.

  5. #With these iptables rules skype will not be able to connect to it’s host servers, preventing the annoying neighbor from making skype calls at 3 A.M.

    #Output chain does not affect skype.
    for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A OUTPUT -d $ip -j DROP; done

    #Input chain must be the reason it does not connect.
    for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A INPUT -d $ip -j DROP; done

    #Not tested.
    for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A FORWARD -d $ip -j DROP; done

    #Not tested.
    for ip in 111.221.74.0/24 111.221.77.0/24 157.55.130.0/24 157.55.235.0/24 157.55.56.0/24 157.56.52.0/24 213.199.179.0/24 64.4.23.0/24 65.55.223.0/24; do iptables -A FIREWALL -d $ip -j DROP; done

    #To delete these rules just use ‘-D’ (delete) instead of -‘A’ (append) in all the chains
    I use an *.sh script that applies the rules after midnight and deletes them at 9:00 in the morning.

  6. I want to ensure Skype connection is stable, as I am getting a lot of complaints about Skype connectivity. it is getting disconnected frequently.

Leave a Reply

Your email address will not be published. Required fields are marked *