Some security questions about Skype.

[Abhinav]

Hi.

 

I was doing a daily check of my network gear for any intrusions and suspicious activity and there were multiple IPs in my NAPT session. So I checked the Windows Resource monitor and found that all those IP sessions where started by Skype. Why would Skype do that? None of the IP addresses belong to any of my contacts.

 

Is anybody facing something like this?

 

I have also uploading screenshots of my router's NAPT Session and Resource Monitor

 

Abhinav

[othertomperson]

Well... all skype video interactions are intercepted and stored by the NSA and GCHQ and probably a bunch of other Intelligence agencies worldwide, so maybe that?

[Suffokation]

Skype security is literally like, nothing. No backdoors. They just leave the frontdoor fucking open.

 

I had an application a year ago that could literally get passwords if you entered a username. It was ridiculous.

 

EDIT: Also OP, don't worry about those IP addresses. Microsoft just gives out data to any intelligence agency that asks.

[thekeemo]

proabably skype servers and ad servers

[GoodBytes]

All Skype-to-Skype voice, video, file transfers and instant messages are encrypted with a 256-bit encryption with a 1536 or 2048-bit RSA certificates. That is also why Skype is very popular with many criminals, because the police cannot wiretap them with a warrant.

In addition, Skype is P2P. However, it can use Skype servers in the middle of your P2P to boost connection quality. And this is also why some people have better experience with Skype than others. And this is also where the NSA comes in. Since 2010, NSA was able to break Skype encryption and can listen to conversations in the U.S. That was done before Microsoft bought Skype which was in 2011. We don't know the extent of NSA abilities in listening to Skype chat/voice conversations.

We do know that Microsoft filters some URLs for scams and phishing. But we don't know how it works, and as tradition of Skype, no information is given about anything related to the back-end infrastructure. If this URL scan is happening at the software level before sending the text messages than that is fine. If it is at the server level that is bad, because it means Microsoft can convert the messages to human readable form, filter things out, and re-encrypt it, meaning it has a master decryption key, to break encryption that created between 2 users, meaning that key can be discovered and pose a security problem.

The IP you see are probably the middle server in your P2P connection with someone, or ad servers.

As Skype is P2P in nature, you can easily see the IP of who you connect to, meaning you can execute a DDOS attack on someone, or server location (affecting other users as well), which is illegal to do in U.S and Canada, at least.

[Abhinav]

In addition, Skype is P2P......

 

Hm.. but I have like 2 contacts. None of the IPs match to theirs.

[GoodBytes]

Hm.. but I have like 2 contacts. None of the IPs match to theirs.

Like I said they could be server in between P2P. Skype uses those to improve call quality.

When Skype asks how was your call, the survey allows Skype to know where to install additional mid-point server to improve call quality.

[Abhinav]

Like I said they could be server in between P2P. Skype uses those to improve call quality.

When Skype asks how was your call, the survey allows Skype to know where to install additional mid-point server to improve call quality.

 oh.. ok