cancel
Showing results for 
Search instead for 
Did you mean: 
fwmonitor
Level 7

Skype AppID is missing in MWG7.2.0

Hello,

the Application Control was introduced in 7.1.6 with Skype in Voip, filesharing, p2p and IM Groups. In 7.2.0 I can not find Skype anymore.

Can 7.2.0 detect, block or allow Skype traffic? Is it possible to block skype generally but allow Skype for some users only?

regards

0 Kudos
11 Replies
McAfee Employee

Re: Skype AppID is missing in MWG7.2.0

We are currently looking into this.

You also might want to look at https://community.mcafee.com/community/business/email_web/webgateway/blog/2010/09/06/skype-and-faceb...

As SKYPE is a network invasive protocol and requires more steps then just web gateway.

Michael

0 Kudos
Troja
Level 14

Re: Skype AppID is missing in MWG7.2.0

HI all,

is there a timeframe when this will be implemented again?? I need this feature for a MWG for a POC.

In fact, Skye is using a non standard SSL protocol. When inspecting SSL traffic then skype should not be able to access internet. Is this true or not? Or i am a litte bit blue-eyed? :-)

Cheers,

Thorsten

0 Kudos
asabban
Level 17

Re: Skype AppID is missing in MWG7.2.0

Hi Thorsten,

SSL Scanner enabled -> No Skype

SSL Scanner disabled -> Yes Skype :-)

The problem with Skype is that there is no way to identify its traffic reliably (yet). So at the moment there is no way to allow Skype through MWG, while leaving SSL Scanner enabled for "normal" SSL sites. The only way to bypass SSL Scanner would be whitelisting by IP, which is hard since Skype uses P2P technologies. Hopefully we will have something in the future as part of the MWG (I think Skype detection works fine in the Firewall today).

Best,

Andre

0 Kudos
McAfee Employee

Re: Skype AppID is missing in MWG7.2.0

Thorsten,

correct. SKYPE is using a proprietary encryption which in case SSL decryptio is used wil break. I'll give you a call to chat about your requirement for SKYPE.

thanks,

Michael

0 Kudos
Troja
Level 14

Re: Skype AppID is missing in MWG7.2.0

Hi volks,

thanks for the answer. Will Skype be available in the future again?

I tested this ruleset for me. I thin Skye skhould work when adding the rule.

Btw, i would combine this with a client.ip.

Cheers,

Thorsten

Nachricht geändert durch Troja on 09.05.12 14:19:57 MESZ
McAfee Employee

Re: Skype AppID is missing in MWG7.2.0

The signature in the sigset was focused on a network centric detection of the protocol, which will only work on a firewall or IDS system. The pattern simply didn't provide benefit for the proxy model MWG is using. However, the steps included in this post will allow blocking Skype. The referenced blog post illustrates this further.

We are looking into further phases to expand the App Control to also include network centric detections, but for now the focus remains on web applications.

Michael

0 Kudos
anirajstha
Level 7

Re: Skype AppID is missing in MWG7.2.0

Thank you very much Troja, Skype worked in my environment as well.

fwmonitor: Is it possible to block skype generally but allow Skype for some users only?

Think it is. Please test it and let us all know..

Suggestions are heartly welcome!!

domain+skype+specific+IPs.PNG

Best Regards,
Niraj

Message was edited by: anirajstha on 10/3/13 10:14:34 AM CDT
McAfee Employee

Re: Skype AppID is missing in MWG7.2.0

I'm just noticing this now, but for everyone who created a rule using "SSL.Server.Handshake.CertificateIsRequested" should not being doing this.

In effect, you are just bypassing SSL scanning in the event that a client certificate is NOT requested (which is most SSL traffic).

Best,

Jon

anirajstha
Level 7

Re: Skype AppID is missing in MWG7.2.0

Hello Jon Scholten,
Thank you for the suggestion.
Can you please suggest the best rules that I am actually trying accomplish as seen on my snapshot?

Thank you very much in advancec.


Best Regards,

Niraj

0 Kudos