In Fire We Trust

Before some time i had problems with some of my firewalling scripts, which boiled down to:

Although i’ve colosed port 25 (well it wasn’t open), but hasn’t explicitly closed it, There were situations when i succeeded in connecting to my mailserver. Luckily the mailserver was localdelivery only. At later time i found the error which was a stupid typo (incorrectly closed multiline comment) which attributed for the problem. But today i won’t be telling for this.

I intend to orward you dear readers to the following article: How Skype & Co. get round firewalls. The article itself is quite interesting, at least for an sysadmin, and rises quite heavy questions, connected with the usage of similar products. Is it wise, secure, how much of our security is wasted this way. From this point of view, Skype already has no place in my network, and even kind-a forced me to apply PaX and additional security methods designed to deter such puncturing attempts. I am thinking of writing simple deamon along the lines and purposes of denyhosts, whom to monitor the traffic for skype calls and then to block at the border both originator and destination host, for all directions and protocols.

What is your oppinion?