The security forums and blogosphere have been buzzing for the past few days with an 'undocumented feature' of Skype, the ability to discover the internal and external IP addresses of any Skype account currently logged in. I don't mean people on your buddy list - I mean ANYONE!
Knowledge of this is critical if you use Skype in any situations where your location needs to remain secure or simply if you are interested in personal privacy.
I've tested this and it does what it says on the tin. I was able to extract the external and internal IP's of a friend in the US to within a few miles of his house, a buddy in Asia to within a few streets and my own to just a few miles down the road. More concerningly the internal IP combined with the internet facing address provides the basis for a direct probe and then attack of any individual on Skype's global address book.
The details seem to have come initially from Russian hackers and appeared on PasteBin on April 26th but there is a site which will do it all for you. I won't copy the whole thing as there is a perl script to assist with parsing the logs but here is the gist:-
http://pastebin.com/rBu4jDm8
1. Downloading this patched version of Skype 5.5:I don't want to overstate this, but this is a big deal.
http://skype-open-source.blogspot.com/2012/03/skype55-deobfuscated-released.html
2. Turn on debug-log file creation via adding a few registry keys.
https://github.com/skypeopensource/skypeopensource/wiki/skype-3.x-4.x-5.x-enable-logging
3. Make "add a Skype contact" action, but not send add request, just click on user, to view his vcard(general info about user). This will be enough.
4. Take look in the log of the desired skypename.
The record will be like this for real user ip: -r195.100.213.25:31101
And like this for user internal network card ip: -l172.10.5.17
21:16:45.818 T # 3668 PresenceManager: aїљ noticing skypetestuser1 0x3e54a539a91a19fc-s-s65.55.223.23 :40013-r195 .100.213.25:31101-l172 .10.5.17:22960 23d23109 82f328ff
5. Catch user via whois service.
http://nic.ru/whois/?query=195.100.213.25
This is help you to get info about skype user: City, Country, Internet provider and internal user ip-address.
There is also a web site now if you don't want to bother with the log route - http://skype-ip-finder.tk/, just type in your targets Skype name and bingo, the IP's are even helpfully linked to! If they are not currently online it does not seem to provide the last known address, only if they are currently online. Please be cautious with this URL, I have not tested it for a browser payload etc and wouldn't be surprised if something nasty awaits! However, using it on a VM would be advisable.
Also if you are going to try the patched Skype be 'super' cautious and also some users have reported having their Skype accounts terminated.
I appreciate that Skype is both free and P2P meaning that IP's are often visible when in a conversation, file transfer etc but at least you are in a conversation with a 'known' person. This technique can be used by and against, anyone with a Skype account, regardless of whether they are a buddy.
I hope that Skype take a serious look at this, simply proxying contact requests would likely solve it which wouldn't be awfully hard for them. I for one really appreciate the Skype service and use it daily, however, I live in nice, reasonably safe England, not one of the many Countries where it is used for secure comms, free from Government intervention. For them alone, this needs to be solved.
12 comments:
"I hope that Skype take a serious look at this,"
Sorry for the link but as you can see Adrian Asher/Microsoft commitment equals to zero:
http://www.theregister.co.uk/2011/10/21/skype_bittorrent_stalking/
I hope that when all the world knows about this they really act instead of banned accounts or deleted messages in the forum.
Best regards.
Interesting link, thank you for that.
Nick
Thanks for sharing..!! I love your post .. I am looking more post like this one on
this blog .. this post proves really helpful for me .
Skype
Use IP Location Finder to track the detailed information of any IP such as City, Country Name, Longitude and Latitude.
I have seen some great stuff here. Worth bookmarking for revisiting. I surprise how much effort you put to create such a great informative website. Your work is truly appreciated around the clock and the globe. 192.168
192.168.l0.1
www-192-168-0-1.com
192.168.0.1
192.168.l0.1
www-19216811.com
1921.68.l.1
192.168.1.1 is one of the most common IP addresses a router network.
https://www-1921681254.com/
https://www-192-168-l0-1.com
This IP address is used by the routers like TP-Link, Netgear, D-Link uses it as the default IP
Routers are the most important devices that are required to get the internet connectivity. There are many brands and router models around the globe. Most people use multiple brand routers, they don't know how to configure them for the perfect usage. Here at router-network we have al the manuals for configuring the router login pages.
Routers are the most important devices that are required to get the internet connectivity. There are many brands and router models around the globe. Most people use multiple brand routers, they don't know how to configure them for the perfect usage. Here at router-network we have al the manuals for configuring the router login pages.
This configuration can also be used for devices like Router, Modem etc. and they are all having the initial IP address
192.168.l0.1
192.168.0.1
https://proxieswebsites.com/
Post a Comment