When looking at firewall logs I saw that some LAN machines with Skype connect to TCP/UDP high ports for p2p transfer. But there was also one strange connection: the Skype box A wanted to connect to another box B on our internal net.

* Could it be that the caller has the same local net IP range, and his box has IP B? When calling Skype on host A, A wants to connect to B, but on the net of the person called (net of A).
* If yes, could that be used for scanning? Start a machine on an IP in the net range of A, then let Skype open a server socket on the local machine (or even try to make it open the port on 8080, 139 or 445). Bring the machine to the net via NAT, and call any person in the remote net. If the machine does not exist (packets lost), establishment of p2p may take longer. If the port is not open, shorter time for establishment??

I did not test the scanning mechanism, so these are all assumptions, but I want to know if someone has already done some research in that direction.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/