What is skype doing?
August 7, 2006 3:45 PM   Subscribe

I suspect it's calling-home so that you can be reachable. If your mac never checks with the central switchboard, how can it know someone wants to call you?

See this page on skype's non-calling bandwidth usage...

skype support
posted by nomisxid at 3:49 PM on August 7, 2006

skype does some p2p magic to traverse NAT.
posted by rbs at 3:50 PM on August 7, 2006

Skype is very aggressive in attempting connections to as many hosts as possible for its P2P capabilities. If you use the official client with the incoming port open, your client can also automatically become a supernode at any time. If you wish to use Skype, you pretty much have to allow all network traffic to the application.
posted by aye at 3:52 PM on August 7, 2006

I can't tell you exactly what it's doing but I can tell you why you get a huge list of outgoing connection attempts. Skype is designed to be port agnostic. It's basically looking for an unfirewaled port between you and wherever it's trying to connect.
posted by cm at 3:53 PM on August 7, 2006

This may not be true anymore, but if you are lucky enough to be on a fast open connection, other people's Skype traffic can be transferred through your computer, and your Skype client may be making the necessary connections for this to happen. (They do this to facilitate peer-to-peer connections between Skype users who are behind NAT/firewalls/whatever.)

This could explain why you seem to be connecting to another Joe's computer even though you're not actually placing a call.
posted by chrismear at 4:04 PM on August 7, 2006

Please don't use silly personal firewall-like programs that you don't understand. You just scare/bother yourself for no good reason.

I mean, if you use an Internet application, of course it's going to want to connect out to the Internet -- it hardly seems unexpected. If Skype was doing anything dodgy, people would have been all over it long ago.
posted by reklaw at 5:11 PM on August 7, 2006

reklaw; it's hardly silly to know what your computer is trying to do. As for not understanding it, that's precisely what this question is for - to increase londongeezer's understanding of the network requirements of Skype. Your criticism is hardly warranted.
posted by odinsdream at 5:46 PM on August 7, 2006

Actually, I think it is. Consider:

1. User installs silly firewall program.
2. User installs normal Internet program.
3. Silly firewall program goes off all "alert! alert! omg hacking teh gibsons! upgrade to Pro version!"
4. User wonders what the hell is going on and goes and asks questions about it.

Now, it's quite easy to see that the user could have avoided a whole lot of stress for themselves and bothering of others if they'd just avoided the silly firewall program to begin with. I think suggesting that people stay away from such programs if they don't understand their output is a perfectly reasonable suggestion -- what's the point of installing something that does nothing but scare you?
posted by reklaw at 5:53 PM on August 7, 2006

It hardly seems that it's "Little Snitch" that the questioner doesn't understand. Especially when he asks "Why does skype want to make these connections?"

The OP seems to understand exactly WHAT is happening, just not WHY. The problem isn't Little Snitch, the problem is Skype. While I'll agree that a vast majority of the soft-firewalls are very silly and unnecessary, the OP's ignorance isn't about how his silly firewall works, he's ignorant of the fact that Skype uses P2P as it's method of transferring data across the internet.

(on preview... did i repeat that enough, sheesh)
posted by hatsix at 7:17 PM on August 7, 2006

reklaw; you don't know much about little snitch. It's a very unobtrusive program, and doesn't try to sell itself by scaring its users. The paid version differs from the free version only because it doesn't include a 15 minute timeout.

So, your theory that this question is motivated by the asker having been scared by Little Snitch is silly.
posted by odinsdream at 9:13 PM on August 7, 2006

This sounds just like the messages Kerio gives me when I run BitTorrent programs. (Never have been able to set a rule that would stop it from happening, so I just disable the firewall while using BitTorrent. Ah well.)

My guess is that Skype uses a similar P2P connection method to BitTorrent—I feel like I read something that said that was the case, but it's been a while since I read about Skype.
posted by limeonaire at 9:18 PM on August 7, 2006

odinsdream, even the name of the program is based on the incorrect assumption that there's something out there worth snitching on. And it's useless at it's job. Once you've clicked "allow" once, a program is pretty much free to email all your personal files to whoever it likes. Its only purpose is to give novice users a false sense of security/superiority.

(I'm also philosophically opposed to it because it's based on the assumption that software should not make use of the ridiculous levels of connectivity available today)
posted by cillit bang at 9:43 PM on August 7, 2006

cillit bang; the option is not only allow or disallow, but which server, type of connection, which program, and so on. So, for instance, I can disable certain types of access for Office running on a mac that allow it to "find" other copies of itself running on the LAN, and disable all but one. This is annoying to me, so I turn it off, and Little Snitch facilitates this.

There's no false sense of security, either. If you install a program and I don't want to report usage statistics to your personal site, I disable access to just your internet server from your program. I can still go to your server with another program, like Firefox, and your installed program can still perform its other functions, whatever they may be.

Little Snitch does exactly what it is designed to do, and doesn't try to sell itself by scaring its users, as I previously said. If you have a philosophical objection to firewalls in general, that's absurd, because, as we all know, this isn't about stopping programs we like and trust, it's about stopping programs we didn't know about, doing things we didn't expect or want them to do. This level of control is sensible to have, as long as you're up to learning the networking basics, which the asker is trying to do.
posted by odinsdream at 3:06 PM on August 8, 2006

All I can say is that you've obviously never had friends and family who've installed these stupid, scummy programs and then called you up scared that the Interweb haxors have stolen all their credit card numbers or something. I agree that people should learn about networking, but if they actually did, I doubt they'd continue to use such programs -- they're incredibly trivial to defeat.
posted by reklaw at 4:59 PM on August 8, 2006

Check out this article, especially the part around and including this para:

The way Skype handles this so-called "NAT traversal" problem is by inserting a server in the middle that can be seen by connections at both ends. This server for Skype is called a "super node" and may well be inside your computer without your knowledge, because Skype super nodes use borrowed bandwidth and processing power. Lucky us.
posted by swapspace at 11:30 PM on August 8, 2006

Wow, Cringley really doesn't know what he's talking about. "Super nodes" "inside" my computer? Absolutely ludicrous -- and exactly the kind of ignorant scaremongering that I'm trying to argue against here.

Skype doesn't do anything at all over the Internet until you open it. Then you may be acting as a peer (using some of your bandwidth) to help someone else's call, perhaps. That's how peer-to-peer works, and why Skype can get in and out of home networks without Skype having to buy a huge number of extra servers and push the cost of their service way up. It's no different to opening up BitTorrent, or any other peer-to-peer program.

"Inside your computer without your knowledge"? Give me strength.
posted by reklaw at 2:36 AM on August 9, 2006

reklaw; I'm finding it difficult to argue reasonably with you when you insist that the programs themselves are "stupid" and "scummy." The only reasonable part of your position is your argument that stupid users are annoying. As far as that goes, I agree with you. But, what the hell kind of argument is that?

I've already given several examples of ways Little Snitch in particular has been useful to me, and I've countered your assertion that the program is at all like other "scummy" firewalls on the Windows side of things that intentionally use scaremongering to sell "pro" versions to stupid users. You have ignored all of these things I've said in favor of simply reiterating your hatred for stupid users. Bravo.
posted by odinsdream at 5:02 AM on August 9, 2006

Don't get me wrong: I have nothing against stupid users. I feel sorry for them, being sold these kind of programs (and you admit that there is a paid version).

Basically, my point is twofold:

1. These programs warn of completely normal and expected network activity and upset people unnecessarily.
2. When it comes to protecting against actual nasty things, they are extremely trivial to circumvent. Often a program can simply spawn a hidden web browser window with yoursite.com/yourscript?data=allyourprivatedatahere, and such programs won't do a thing to warn you -- but there are plenty of more sophisticated ways than that to fool even the more advanced software.

Fine if you use it to 'arrr pirate' Mac Office -- perfectly good use of such things. That doesn't change the fact that it's useless from a security point of view, which is what most people are going to be using it for. With that in mind, I think the appropriate response to anyone who asks a question about such programs is to warn them off from using them.
posted by reklaw at 6:27 AM on August 9, 2006

Don't get me wrong: I have nothing against stupid users. I feel sorry for them, being sold these kind of programs (and you admit that there is a paid version).

This is amazing. Yes, yes I admit there is a paid version. As I said above, the only difference is that the free one is a trial, and will run for 15 minutes. You can restart it as many times as you like. The dialog boxes and warnings are identical in both versions. What exactly do you have against the fact that there's a trial version available?

1. Sure, the traffic may be "completely normal" for the program, but if it's undesired, a user should have control of that; not the programmer of the software. That is what Little Snitch enables - useful filtering.

2. Circumvention is always possible. This does not mean we shouldn't be vigilant. As for spawning a "hidden web browser," I'd love to see a proof-of-concept of this written for Mac OSX that doesn't also cause Little Snitch to pop up a dialog.
posted by odinsdream at 6:31 PM on August 9, 2006

You can surely see that a program you have to restart every fifteen minutes is pretty much useless -- it's just a trial, not a free program. It's clearly in their interest to make it look like it does something useful, so you'll buy it. Look at their site. They claim that the program "protects you from trojans, worms, and other network parasites" -- a claim which is patently false. Fine if they've written a thing that lets you see/control what programs are sending around, because that's useful, but claiming it's security software is misleading at best.

And, obviously, I have no experience with this specific firewall so can't offer a specific exploit -- but there are ALWAYS ways to circumvent these things, even if it's as crude as adding a command to delete them to the startup script or something (looks like the "Opener" malware managed this a few years back), or some kind of social engineering attack that encourages you to click that 'Yes, let this connect' button (not too hard when the user doesn't understand networking anyway). You simply can't rely on programs on your computer to protect you from malware -- once it's on there, it's already too late.
posted by reklaw at 3:35 AM on August 10, 2006

« Older I need authoritative sources o...   |   A potential employer wants to ... Newer »

This thread is closed to new comments.