There are rumours that skype has been subject to a (D)DoS attack, although network/code analysis such as thesepresentations (two PDFs) from recon 2006 seems to indicate that skype may have introduced their own DDoS simply by the way they designed the (propreitary and very secret) skype protocol to talk to the top login servers all the time and to require, at least as I undertsand it, for the login servers to have to do a lot of cryptographic key generation. It also seems to me that a DoS attack ought to be possible by forcing the login servers to calculate these keys and then not move onto the next stage but restart from the beginning. I don't know if there is a DoS attack but it is possible that the DoS attack started it off.
As the Reg points out, traditional telcos are laughing, but I'll be honest I think their laughter is rather nervous because the skype folks are unlikely to repeat whatever error they made here (and if its a DoS attack then if skype can enhance some of the P2P stuff to reduce the load on the login servers then I suspect future attacks will fail miserably. Telcos don't have quite the same luxury to re-engineer their stuff when a vulnerability is found...
Blog Home : August 2007 : Permalink