Does AIP-SSM help block Skype?
A. Unfortunately, the PIX/ASA is not able to block the skype traffic. Skype has the capacity to negotiate dynamic ports, and to use encrypted traffic. With encrypted traffic, it is virtually impossible to detect it as there are no patterns to look for. You could eventually use a Cisco IPS (Intrusion Prevention System)/AIP-SSM. It has some signatures that are able to detect a Windows Skype Client that connects to the Skype server to synchronize its version. This is usually done when the client is initiated the connection. When the sensor picks up the initial Skype connection, you can be able to find the person who use the service, and block all connections initiated from their IP address.
A. The PIX/ASA is not able to block the skype traffic. Skype has the capacity to negotiate dynamic ports, and to use encrypted traffic. With encrypted traffic, it is virtually impossible to detect it as there are no patterns to look for. You could eventually use a Cisco IPS (Intrusion Prevention System)/AIP-SSM. It has some signatures that are able to detect a Windows Skype Client that connects to the Skype server to synchronize its version. This is usually done when the client is initiated the connection. When the sensor picks up the initial Skype connection, you can be able to find the person who use the service, and block all connections initiated from their IP address.
