March 21, 2013

The events of the past week reminded me of a privacy topic I’ve been meaning to revisit: That voice-over-IP telephony service Skype constantly exposes your Internet address to the entire world, and that there are now numerous free and commercial tools that can be used to link Skype user account names to numeric Internet addresses.

A Skype resolver service in action.

The fact that Skype betrays its users’ online location information is hardly news. For example, The Wall Street Journal and other news outlets warned last year about research showing that it was possible to coax Skype into revealing the IP addresses of individual Skype users. But I believe most Skype users still have no clue about this basic privacy weakness.

What’s changed is that over the past year, a number of services have emerged to help snoops and ne’er-do-wells exploit this vulnerability to track and harass others online. For example, an online search for “skype resolver” returns dozens of results that point to services (of variable reliability) that allow users to look up the Internet address of any Skype user, just by supplying the target’s Skype account name.

In the above screen shot, we can see one such service being used to display the IP address most recently used by the Skype account “mailen_support” (this particular account belongs to the tech support contact for Mailien, a Russian pharmacy spam affiliate program by the same name).

A Skype IP resolver service in action.

Typically, these Skype resolvers are offered in tandem with “booter” or “stresser” services, online attack tools-for-hire that can be rented to launch denial-of-service attacks (one of these services was used in an attack on this Web site, and on that of Ars Technica last week). The idea is that if you want to knock someone offline but you don’t know their Internet address, you can simply search on Skype to see if they have an account, and then use the resolvers to locate their IP. The resolvers work regardless of any privacy settings the target user may have selected within the Skype program’s configuration panel.

Many of these resolver services offer “blacklisting,” which for a fee will allow users to prevent other users from looking up the IP address attached to a specific Skype account, said Brandon Levene, an independent security researcher.

“It’s basically a protection scheme,” Levene said.

Levene said the Skype resolvers work by using a modified Skype client (5.5 or 5.9) to create a debug log. This client is hosted on a web server.

“A simple script is used to construct a link containing a Skype username, which is passed to the modified client,” Levene said. “This client simply attempts to add the requested username to a contact list and parses the target account’s ‘information card’ (if available). This process writes the IP address of the requested username to the debug log, in plain sight.”

Beyond exposing one’s Internet connection to annoying and disruptive attacks, this vulnerability could allow stalkers or corporate rivals to track the movement of individuals and executives as they travel between cities and states.

Skype was purchased by Microsoft in 2011, but Microsoft appears to have done little to address this privacy weakness, despite the attention brought to it and the proliferation of sites offering tools to exploit it. “We are investigating reports of tools that capture a Skype user’s last known IP address,” a spokesperson for Skype said in an emailed statement. “This is an ongoing, industry-wide issue faced by all peer-to-peer software companies.”

The simplest way to address these privacy issues would be to relay all Skype signalling traffic (e.g., handshakes) through proxies, said Stevens Le Blond, a researcher at the Max Planck Institute for Software Systems in Germany.

“That would prevent low-resource third parties, such as resolvers, to track Skype users,” Le Blond wrote in an email to KrebsOnSecurity. “However, despite a major infrastructure upgrade last year, Skype is still vulnerable to location tracking. One can only hypothesize as to why that is the case. One possibility is that relaying all signalling traffic would break interoperability with earlier versions of Skype.”

Defending against more powerful attackers able to eavesdrop on Internet links is much more challenging because it requires relaying both signalling and encrypted payload traffic, Le Blond said.

“One challenge is that the maximum Round Trip Time (RTT) that VoIP users can tolerate is around 300 milliseconds (ms) whereas the propagation delay in a fiber optical cable spanning the circumference of the planet is approximately 200ms. It means that when a user in Germany calls another one in Australia, the proxy service must incur less than 100ms additional RTT. My team and I are currently working on this problem.”

Update, March 22, 9:45 a.m. ET: Added quotes from Microsoft, Levene and Le Blond.


55 thoughts on “Privacy 101: Skype Leaks Your Location”

  1. n

    “microsoft appears to have done little *TO* [do] address..”

  2. voksalna

    Has anyone checked to see if the proxying settings in the Skype application are continuously respected and reflected in these data?

  3. Old School

    1. “Skype was purchased by Microsoft in 2011”. One would think that, before buying Skype, Microsoft would have assigned a team of gurus to investigate Skype using all legal means possible with the goal to learn just what the heck Microsoft would be buying. In my day it was called “due diligence”.

    2. “For example, an online search for “skype resolver” returns dozens of results that point to services (of variable reliability) that allow users to look up the Internet address of any Skype user, just by supplying the target’s Skype account name.” Before buying Skype, did the Microsoft gurus do their online research and searches using Bing, Google or Yahoo? I just tried “skype resolver” on Bing and got 4,630 results plus eight suggestions for a related search. Bing it on!

    3. There are 719 hits on Youtube for “skype resolver”.

    1. Neej

      Since you seem to be under the impression that Microsoft bought Skype so as to offer a messaging service that doesn’t reveal users’ IP addresses let me correct you: they bought it under commercial consideration.

      For example the consideration may have been the profit they believe they can realise from owning the service or to mitigate the threat from a competitor.

  4. Broseph Stalin

    I’m not sure how you think a p2p program should function, but generally it requires nodes to know what addresses to connect to. While re-routing between nodes (as is done in I2P and TOR) can obscure the source and destination, it would increase latency enough to make it useless for video or voice.
    If you want to fix this issue, I suggest you advise the Skype team to rewrite their entire application so that it uses centralized servers.

    1. bob

      Did you read the article? You can pull someone’s last used IP address from the Skype servers even if the target is offline. At least if someone tries to contact me I know, even as I reject them, that that person now knows my Skype name and IP. The problem here is that anyone with my Skype name can isolate my last used IP without me knowing about it.

      1. wiredog

        I suspect the ip address is stored for QoS reasons, to enable faster routing when someone calls you. It’s not clear if the IP address is looked up when the person being looked up is completely offline, or just not in a conversation.

  5. John S

    I just think as one security expert said. The majority of security issues for Windows today are not the OS itself but the software that runs on it. I think as with many of Apple’s security issues, they happen because they want to make the software and applications work as easily for people as possible. It’s the main reason Active X was so bad early on. It was about making things easy for the user. Skype to me is just another example of many applications that require sharing of information to connect. It just requires far more engineering to make that more secure.

  6. JimboC

    Thanks for writing about this issue and spreading awareness, Brian. I feel embarrassed that I was not already aware of it.

    I only use Skype once or twice a week and always keep it up to date. This article definitely gives me pause for thought.

  7. JimboC

    Given that all Windows Messenger accounts (except if you live in China) are to migrate to Skype by April 8th this leaking of location could become a more viable method of attack. It will be definitely something to watch out for.

    I received an email from Microsoft informing me of this date, even though I don’t use Windows Messenger but have a Hotmail account (which I migrated to Outlook.com last year).

  8. Antti Kutoja

    Whilst one obviously needs the IP Address if the user is logged in, why do they to keep it stored once the user logs out?

    Would appear to be trivial to block this for non-logged in users. Probably not feasible for the logged-in ones.

  9. Dave

    Another feature I enjoy is watching my firewall logs and seeing Skype on our users’ systems attempting to route packets and connect to nodes in openly hostile nations to the US such as Iran and Syria. Not sure what can be done with that traffic but I don’t want it going there.

    1. SeymourB

      Communication attempts, taken by themselves, don’t necessarily mean nefarious acts. During the Green Revolution (election protests) there were lots of Tor connections made from/to Iran, assisting protesters in communicating with the outside world and each other.

      Despite the brutality of the regime, which involved importing soldiers & police forces from foreign nations to commit acts of violence against their own citizens, the opposition movement is far from dead in Iran. They do have to be very, very careful since they can be put to death for speaking out against their government and its leaders.

      The problem is that, without being able to inspect the contents, the communication of a foreign national performing espionage in another country looks virtually the same as political opposition organizations communicating with like-minded groups using encryption to protect themselves. They can’t organize using servers in their country, due to the government having complete control over the infrastructure, so they use servers in foreign countries.

  10. DD

    I’m still a little unclear on how the IP address is being stored.

    Is this correct? Skype stores the last known IP address in plain text so that when requested by its debug tool it can be retrieved. Using a modified Skype client, these tools (i.e. Skype Resolver) attempt to debug the manufactured problem of not being able to locate a Skype User Name, and what comes back to the modified client is the last known IP Address?

    1. Is plain text anything ever good when it comes to sensitive data?
    2. It sounds like if you’ve ever used Skype in your life and you still happen to have the same IP address, you’re at risk.
    3. Does the plain text nature of the IP address open up new ways to spoof or do other crazy stuff using a modified Skype client? Couldn’t this be used to impersonate a Skype account?

    1. Brandon L

      DD,

      That isn’t quite right. In a standard Skype client installation the IP address associated with a user’s username would not be stored in a readable form [locally]. The most popular Skype resolver is two “components”:
      1) Modified registry keys to enable client debugging and logging.
      2) A modified Skype binary which writes debug data to the logs in plain text.

      As far as I understand, typically without that modified Skype client, debug data would be written in an obfuscated form.

      The actual mechanism by which a Skype username is correlated to an IP is to use this modified client to attempt to add a target to a contact list and view his or her “information card”. In retrieving that “information card” (like a profile) the target’s IP is stored in the plain text logs (plain text due to the modified client) and is retrieved by a simple PHP script. The resolution of IP/Username is intentional. What is NOT is the plain text client debugging that is being used.

      To answer your specific questions (as best as I can):
      1) Plain text storage of sensitive data is generally a bad idea. If you don’t want people to read it, then it shouldn’t be stored natively in a readable form. This is such a big issue (in the US) that there have been multiple pieces of legislation (see parts of HIPAA).

      2) This is likely to be true. If you use Skype, you’re at risk.

      3) Outside of social engineering attempts in which one were to try and claim a “lost” account and utilize his or her IP as authenticity, I don’t believe this method will offer other risk other than information disclosure.

      1. DD

        Brandon L,

        Thanks for the reply. I didn’t assume that the IP was stored locally. I guess I was assuming that Skype normally stores the IP on its own server(s) for the use of communication between legitimate users of Skype. If this is incorrect, what happens?

        Also, when Skype is modified as you describe…does the IP get stored somewhere new? Again, I thought what Brian was describing was a way to backdoor the current design of Skype so that the stored IP’s (by Skype in plain text) could be obtained by people using the Skype Resolver type tools.

        It sounds like what you’re saying is that normally, Skype does not store IP’s in plain text but instead uses some form of “obfuscation”. By modifying the Skype client, it’s possible to make Skype store the IP in plain text which can then be retrieved using a common script written in something like PHP. Is that what you’re saying? Sorry for the back and forth, but I didn’t quite get that from Brian’s article or from what you replied with.

        Note to Brian: Flow charts are good and although I may be in the minority here, outside of “Skype is bad, they can get your IP!” I don’t know that I could understand the technical nuance without more detail or pictures. 🙂

        1. BrianKrebs Post author

          Flow charts ? This story is as simple or as complicated as you want it to be. Simple version: If you use Skype, I can find your IP. The services that make it stupid easy for me to do this are offered in tandem with services that let me click another button and launch a DDoS against your IP. Assuming that IP is a home user connection, I don’t care if you’re running a hardware and software firewall on the target network, the link will be filled and unable to accommodate other traffic for as long as the attacker wants to pay to keep it that way, or until your IP changes.

          1. DD

            LOL Ok!

            But where is the IP address being stored?

            I’ve read the article and all the comments and I don’t know. I get the fact that it doesn’t matter in terms of the risk introduced by this vulnerability. But assuming that I’m trying to follow along on a “slightly” technical level, which I am, does Skype normally store the IP in plain text on their own servers for the use of debugging?

            See once I start thinking about current state versus modified state, that’s where I’m lost and just start saying “what if?” over and over again. That’s where I think a picture of current vs. modified state would’ve been nice. Again, I may be in the minority for people that read this website. Many of them probably don’t care, or they already knew all this before, but I’m joe average…if you don’t spell it out for me, I don’t know.

            1. DD

              This was from the original article: “Levene said the Skype resolvers work by using a modified Skype client (5.5 or 5.9) to create a debug log. This client is hosted on a web server.

              “A simple script is used to construct a link containing a Skype username, which is passed to the modified client,” Levene said. “This client simply attempts to add the requested username to a contact list and parses the target account’s ‘information card’ (if available). This process writes the IP address of the requested username to the debug log, in plain sight.”

              When I read that I see “Modified Client gives bad guys your IP.” But I don’t really understand the mechanics of “how” this happens. I just get that people changed something and the result is that they have your IP.

              I don’t really expect to get an end to end description of how Skype source code logic works. But I thought it would be nice to show a high level current state versus a high level modified state of the Skype client a little more clearly (especially when it comes to the storage of the IP Address).

              I’m slow, sorry.

  11. Janne

    Sir, i just want to tell that i have been a reader of your blog since ages ago and this is the first post i don’t agree upon or understand at all. So what that some random guy gets to know that i live in country X, have an IP Y and i get my internet from provider Z? What is the big deal? Using google advanced search you can pretty much find out more than using a skype resolver.

    By visiting your site you have probably logged my IP (now you also know i have my IP Y, use provider Z and i am from country X) plus you get to know my web browser and know what operating system i use. In that sense, visiting your site raises far more privacy concerns than using skype and now you can launch an attack against me.

    I just don’t understand what is the point of this article. This “launch an attack using skype location” scare tactic scenario you describe is so far fetched that it makes infowars.com look legit. Sorry, but this is just FUD on a bigger level.

    1. Brandon L

      Actually, it’s not at all a scare tactic. It can, and does happen. This is intended behavior of the Skype client (the information disclosure). The idea is that provided a user’s IP, one could direct a DoS or DDoS attack to knock that specific user offline. That is why you commonly find Skype Resolvers go hand in hand with booters.

    2. BrianKrebs Post author

      I welcome constructive criticism. Can you offer an example of what you mean when you say I can find your IP address using a Google advanced search?

      How does visiting my site (or any other for that matter) raise more privacy concerns than a Skype resolver? The fact is that if I visit a site that I’m worried about having my IP, I find a way to mask my IP. But this is not terribly practical for Skype, and the approaches I’ve seen to help people mask their IP while using Skype do not scale well and are a pain.

      Anyway, you seem to be missing the point that the people using these services are doing so with the expressed purpose of finding your IP so that they can launch attacks against you and your networks. This is not fancy or fear-mongering: they are packaged with services designed to help launch attacks. If you’re okay with that, great, but a lot of people aren’t.

      1. Janne

        Hello Sir,

        I did not mean i can find your IP with google advanced search, but with google i can find out a lot more personal information about you (your blog actually makes this task far easier and no need to google even) and launch a far more sophisticated attack. Your blog gives me your e-mail, your twitter, your facebook, so i can contact you in some manner and start a phishing expedition. Actually your blog gives me almost the same amount of information as skype resolver. Since you have a PO box listed i can make the assumption you are living in the Washington DC area (same information as a skype resolver).

        But if i wanted to actually know a bit more about your PC habits i could just start an e-mail chat and ask you to visit a site. For instance “start an e-mail conversation, that i am up and coming reporter and sure could use tips on my site” and send you my site with logging set to debug.

        As i said before average web service (apache, IIS, etc) logs IP and user-agent or you can set it to log this information. Since user-agent is very specific to operating system you can pretty much tell which OS you use (yes you can obfuscate this, but a lot of people aren’t). More information than a skype resolver can ever know. With this information you can already launch a far smarter attack.

        To use skype resolver you would have to know the person’s skype nick and that is mostly not available on the web. When i searched skype directory i found about 35 brian krebs, so this did not get me any closer to finding you or your IP using the skype resolver, krebs showed me yet another bunch of results with no direct indication to you, so this did not help narrow down your IP.

        I was merely saying that there are easier ways to get a person’s IP and the easiest way is to let the person tell you, instead of using a bit unreliable resolving service. For instance, if you had 3 skype clients online, home, work and third one on cloud computer. You turn your home skype client off, you turn your work skype client off and then the attacker would get a cloud IP. How would this information get the attacker closer to your location? This is why i was stating that it is a bit FUD article.

        1. BrianKrebs Post author

          Tell that to people in countries with repressive regimes, where being trackable by IP can get you killed. That’s an extreme example, but I would urge you to do some homework and try some of these resolvers for yourself. Just hope you don’t say something that upsets someone who wants to silence you online, because if you are using Skype it will not be hard for that person to find you online and fill your pipe with so much junk you can’t even surf the Web, let alone chat or make phone calls.

        2. Neej

          FUD to my understanding is commonly used to refer to or imply the possibility of scenarios that either don’t exist or are extremely unlikely.

          This problem exists. It’s offered by attack services as a means of perpetrating an attack as you read this. People do not usually expend resources setting up something that has no useful application. In this case the application would appear to be revealing the target in order to launch an online attack.

  12. LouAnnM

    Not technologically adept, is this threat a serious vulnerability for VOIP as well? Our company is switching over to VOIP and now I’m concerned about breaches and that the current firewalls will not be sound enough to prevent hackers from getting through. What do you think?

    1. Brandon L

      LouAnnM,

      Short answer: Nope, this isn’t a vulnerability that is inherent to VOIP.

      Long(er) Answer: Skype is essentially a P2P client (with some intelligent/intrusive ways of getting through firewalls see article here: http://en.wikipedia.org/wiki/UDP_hole_punching). The vulnerability itself is due to the ease by which debug logs can be enabled and viewed by an end user and thus it is inherently a Skype (and by extension, P2P client) issue.

  13. Curt Wilson

    Dear john senchak, it’s good that you have a hardware firewall that prevents attackers from reaching your internal sites, however a broadband connection can be taken offline easily by host booters, shell booters (such as the aforementioned twbooter that’s gotten a lot of coverage lately here) that will knock you offline. It’s great that the attackers can’t get inside, but you won’t be able to get out either because your pipe will be flooded with their DDoS traffic.

  14. Chrome

    I’ve done some research on the topic.

    Here are my findings:
    ● Skype are using some obfuscation in order to ‘encrypt’ the traffic
    ● The same applies to the debugging logs
    ● Warning: there are reports that some Skype accounts have been disabled by using the ‘patched’ version of Skype SDK
    ● Brandon Levene has said nothing about either Skype, or ‘protection scheme’

    I take it that Microsoft took it right, and there is a little to none vector for this particular attack, as of today.

    PS. I am not affiliated with neither Skype, nor Microsoft. My major point is that the respected industry analysts shouldn’t seed the FUD messages, after the issue has been resolved.

    Best regards,
    Chrome

    1. Brandon L

      Chrome,

      The traffic isn’t what is being observed, it’s the log contents.

      The debug logs are in plain text due to the modified clients that are floating around.

      This method still works as of today [3/22/2013], thus it has not been resolved. That said, it isn’t actually “new” per se: Skype was notified back in 2011, and Microsoft have been informed since then. The significance of this information leakage is its pairing with booter services.

    2. Brian Krebs

      Wait, what? Skype/MS fixed the problem? As of when? Those screen shots in this post above were taken a day ago. The resolvers (when they were available and up) resolved just about any active Skype name I threw at them. If you’re unwilling to try this and see for yourself, you should probably avoid calling FUD.

      1. Chrome

        Mine bad!

        You are right, Brian.

        Although the site comes up with the error messages, most of the time, it does reveal some IP addresses, from time to time. And my own IP looks familiar to me.

        This is bad :o(. Something has to be done.

        Could EFF or other similar bodies be of any help?

        @Brandon L
        There are reports that Skype disables user accounts that are using patched version. Shall we put a disclaimer ‘Don’t try this at home’?

  15. Dirgster

    Question: If I have installed Skype on my computer but have not signed in to Skype to activate my account, am I still vulnerable to snoops?

    1. Cali

      If you have never signed in skype through the software, then you should be fine. Information which are retrieved are part of skype’s architecture and used to interconnect peers, that’s the main reason why they haven’t made a successful patch yet, it would probably make previous versions of skype unable to communicate with new ones.

      1. Dirgster

        When Skype loads, I never activate it by typing in my password. Then I right-click its icon on the taskbar and click “close”. Skype then prompts me, “Do you really want to quit Skype?” I click “Yes”, and its icon on the taskbar will disappear.

        Should I then be disconnected from Skype and safe from being snooped on?

        1. Robert

          Just wondering…why don’t you uninstall Skype? or stop it from autoloading?

  16. Thalassa

    Am a very intermittent user of Skype (1-2 X/qtr).

    It would seem that a good defense for a low user for the problem Brian’s identified, would be to “Uninstall” Skype after every use, and then install it again when I want to make a pre-arranged call.
    In other words, treat it like Java (install when needed for an event, then un-install). The snoops can’t use what’s not there.
    Would that work?

    1. bert wham

      If you’re a home user (which it sounds like, but one shouldn’t assume, one assumes…), you most likely have a dynamic IP assigned by your service provider. If that’s the case, you’d probably be better off rebooting your router and being assigned a new one by your ISP (though this can take a while before their DNS updates).

      1. Andrew

        Unless you have VOIP service provided by your ISP also, in which case from what I’ve seen you’re assigned a static IP.

        There are real-world applications to this information – it’s not just FUD. Previous posters have commented that you can usually find more information about a person’s location using google. That may be true, but it’s more difficult for a random nefarious person to find your IP address. As Brian and others have pointed out, knowing someone’s IP address can enable you to perform a denial of service attack against your forward facing equipment. If you use VOIP, this would not only suspend your ability to surf the web and use cloud services but also temporarily disable your phone, which might be used for things such as notifications from your bank of sizable transfers.

        This information is very useful to a variety of nefarious actors. As highlighted by the previous two articles, people playing video games who know your Skype account (a lot of gamers use Skype to communicate) can obtain your IP from your (or say your child’s) Skype name and use that information to knock you (or your child *and* you) off the internet temporarily. Also imagine a stalker – they can see the area you visit when not at home … if this is in a shopping center with a Starbucks, they might assume (maybe correctly) that this is an area where you hang out and use Skype. That person could either follow you around from there or use tools to snoop on your bluetooth&wireless communications. The possibilities are numerous …

  17. john senchak

    Skype/Microsoft should allow internet settings for that program to allow HTTP and SSL proxy servers settings to protect the public. If the United States military is allowing their overseas serviceman to communicate with their families with Skype, how are they protecting their networks from this type of internet information leakage? I never used Skype and don’t have plans in using the program anytime in the near future.

  18. Jens

    Brian,

    Welcome to the world of games. WoW players have been dealing with DoS attacks for years and have even written handy guides to other players to avoid such annoyances. If you would have thought that games were enough motivation to commit “serious” cybercrime even two years ago we all would have laughed. It is interesting to see exactly how this generation of kids raised on 4chan behaves as they become competent enough to launch attacks. Article of reference: http://www.arenajunkies.com/topic/221417-a-guide-to-preventing-ddosing/ A quote from the article “How are WoW players being DDoSed?

    Nowadays, 99% of the WoW arena community has shifted towards using Skype for communication needs. Turns out, that it is quite simple to get an IP address from Skype, simply by knowing the individual’s Skype username. So, basically, the DDoS victim cannot realistically prevent himself from exposing his IP address to DDoSers, since obtaining a Skype username is easy.” — Mugemsz

  19. Frinker

    Using a VPN (Virtual private network) can give you a choice as to what IP address is visible to the skype resolver service.

    I looked up the skype resolver services available online as mentioned by Brian without and with a Hotspot Shield VPN. Without, the skype resolver responded back with my home IP address. With, I was shown that my IP address was in San Jose, home of Hotspot Shield.

  20. Christian

    Sorry Brian, i really respect your work, but this is nothing more than a cheap scare and not worth the buzz.
    Microsoft is absolutely right when they say it’s a common p2p problem. Every Chat application, that’s not completely server based, has this problem (ICQ, MSN, AIM, torrent clients, and many more).
    You have 2 Options here:
    1.) use a completely server-based System (like facebook chat, where everything is on the servers)
    2.) use a p2p system

    Pro/cons:
    1.) you aren’t revealing your IP to chat members, but the chat provider can read and manipulate anything you do.
    2.) direct connections between chat members are secure, but you reveal the IP to your chat partner.

    i guess skype shouldn’t reveal your IP to contacts outside your addressbook, but getting on someone’s friendlist isn’t that hard either.
    initiate a file transfer and then use netstat or something like that. you’ll see the IP.
    pretty easy.

    P.S.: use XMPP! 🙂

    1. BrianKrebs Post author

      The difference here Christian is that anyone can resolve your last used IP, whether or not you’re signed in. This is info not limited to just those in your contacts list or those you have chatted with or accepted files from. You just have to have signed into an account on Skype.

      1. Christian

        yeah true, they should restrict that.
        i guess I’m a little bit used to, that everything gives away your IP on the Internet 😉
        It’s like a phone number to me, everybody can look my name up and find my phone number and address and in comparison IP based geolocation isn’t really accurate.
        I think that’s a point the providers should do something.
        There should be an option to have an IP which isn’t region located, so someone could only guess your country. But with the limited ipv4 address space, that isn’t really an option.
        Perhaps ipv6 will improve this.

        but skype has some deeper flaws. there’s a lot of obscurity and some questionable design choices, when it comes to security.
        wikipedia has some nice infos about that:
        http://en.wikipedia.org/wiki/Skype_security#Flaws_and_potential_flaws

        if you’re in need of a secure communication, skype seems a bad choice 😉

        greetings

        Christian

  21. FatUglyAutist

    Hello my boy krebs, it appears that Skype has finally been updated to prevent IPs being resolved. Obviously Microsoft was ashamed by your post and finally addressed the issue.
    Thanks Brian. x

      1. FatUglyAutist

        Unfortunately not, I have associates who have informed me that all public resolvers are no longer functioning correctly.

  22. andy

    This is why moving to ipv6 is needed, ipv4 was flawed from the very beginning lacking ipsec as standard, perhaps “one” day!

  23. Hassan

    Hi,

    Interesting article, my friends and I had been going through this problem for quite some time due to streaming on a popular website like Twitch.TV. It seems that there are script kiddies that like to essentially make someone’s life a miserable hell if they see that you’re streaming and they just don’t like you for some reason.

    DDOS attacks are becoming more and more common when there are $5 “booter” services out there that target P2P services like Xbox LIVE and the Playstation Network. If you get into a game with someone that just doesn’t like that you have a high score, or that you’ve killed them way too many times, well guess it’s your turn to be kicked offline.

    The only way we have been able to combat this sort of behavior and still be on Skype is by following a guide we found online. I encourage everyone to take a look at it as it truly makes hiding your IP from a Skype resolver essentially easy.

    I wouldn’t personally recommend using the free proxies that the website lists as an example, but I would suggest if you’re targeted by this sort of behavior to invest in a SOCKS5 proxy so if you are targeted at least the only thing that will be offline is your Skype and not your entire internet connection.

    The link to the guide is in a Imgur album: http://imgur.com/a/NpFdW

  24. Shadd

    Brian Thank you for looking into this topic, I too try to figure it out searching countless hours and web sites but never seem sure of my findings. Is there a way to talk on a phone without big bro’s nose sniffing my dirty laundry? Please help after this post I’m going to need it and no I don’t have tin foil on my walls or made into a helmet (but the thought has …..LOL). Thanks again!!

Comments are closed.