
How Skype gets around firewalls - soundsop
http://www.heise-online.co.uk/security/features/print/82481
======
cturner

       But anyone who has used the popular internet telephony
       software Skype knows that it works as smoothly behind a
       NAT firewall as it does if the PC is connected directly
       to the internet.
    

Hmm. Someone who used skype a lot would know that its behaviour is not quite
as robust as this article might suggest. You get 'ghost sessions' when people
who are not online appear online, and sometimes the reverse - where people
come online and you just can't see them. Although in truth I can't remember
seeing any those or any other problems like that in six months now - maybe
recent versions have conquered those problems.

But while I'm complaining, it's annoying that it opens up listeners on 8080
without asking. :)

------
nickb
I use iChat/AIM/Gtalk as my primary messenger and yet I almost always end up
starting Skype when I want to send a file. Skype's amazing at hole punching.

I'm glad I don't have to deal with installable apps but if you're looking for
a GREAT library that does everything Skype does, check out STUNT from Cornell:

<http://nutss.gforge.cis.cornell.edu/stunt.php>

It's a great piece of code and works really well.

------
henning
Fog Creek's Copilot deals with this by having servers that act as a middleman
for traffic -- your interaction goes from your machine, to their server, to
the computer of the person you're connecting to. The app directly connects to
the other machine if possible.

That seems like a pretty simple way to do things although I'm not sure how
hard it would be to keep servers running for a substantial userbase.

~~~
staunch
That's just dumb proxying. Skype is saving millions of dollars by not doing
that themselves.

~~~
andreyf
Not just simple proxying, but also a bit of questionable privacy practice.
Granted, most users don't care about their privacy, but might it have some
sort of legal implications? Also, latency starts to suck if two people far
away from the proxy are trying to use it.

~~~
wmf
Privacy is solved with end-to-end crypto and latency is somewhat solved by
putting supernodes in every large university.

------
maximilian
I've heard that skype uses more trickery than just busting through the
firewall - Like routing multiple outbound connections through one computer to
keep firewall holes to a minimum.

~~~
rufo
Yes - Skype does attempt to use the technique in the article, but it's far
more sophisticated than that...

Skype was written by a bunch of the programmers from Kazaa, and the Skype
network is essentially P2P; people who connect to the Skype network with
especially good connections may become supernodes and will act as data relays
for nodes having problems with other connection methods.

<http://en.wikipedia.org/wiki/Skype_Protocol> has a fairly detailed
description, for those who might be interested.

~~~
markbao
Oh, wow. Now I see the Skype/Kazaa connection. Brilliant.

~~~
andreyf
Brilliant on one hand, unethical on the other. By using their application, I
consent they use my bandwidth to carry other people's phone calls?

~~~
schtog
Why not if it says so in the ToS? Or it doesn't?

~~~
rufo
I'm sure they've covered their bases. They're not negligent.

I think they only very recently added a checkbox to opt-out of being a
supernode though, the lack of which I found rather annoying.

