Skype and Port 20466


Skype and Port 20466

Fritz Mills
Recently, Little Snitch has started asking me if I want to allow incoming connections to Skype on port 20466 from various IP addresses. Officially Skype does not use port 20466 so I have been denying all these requests. I wonder if there is a bug in Skype that allows an outsider to get into a machine running Skype by accessing Skype through port 20466. Has anyone else seen anything like this out there and/or does anyone have any idea what could possibly be going on?





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____

Re: Skype and Port 20466

Roger D. Parish
Have you asked the good folks that make Little Snitch?

Roger D. Parish
Lovettsville, VA



> On Aug 15, 2017, at 1:52 PM, Fritz Mills <[hidden email]> wrote:
>
> Recently, Little Snitch has started asking me if I want to allow incoming connections to Skype on port 20466 from various IP addresses. Officially Skype does not use port 20466 so I have been denying all these requests. I wonder if there is a bug in Skype that allows an outsider to get into a machine running Skype by accessing Skype through port 20466. Has anyone else seen anything like this out there and/or does anyone have any idea what could possibly be going on?





Re: Skype and Port 20466

Fritz Mills

> On Aug 15, 2017, at 4:12 PM, Roger D. Parish <[hidden email]> wrote:
>
> Have you asked the good folks that make Little Snitch?
>
> Roger D. Parish
> Lovettsville, VA
>
>
>
>> On Aug 15, 2017, at 1:52 PM, Fritz Mills <[hidden email]> wrote:
>>
>> Recently, Little Snitch has started asking me if I want to allow incoming connections to Skype on port 20466 from various IP addresses. Officially Skype does not use port 20466 so I have been denying all these requests. I wonder if there is a bug in Skype that allows an outsider to get into a machine running Skype by accessing Skype through port 20466. Has anyone else seen anything like this out there and/or does anyone have any idea what could possibly be going on?
>
>
I’m not sure what to ask the Little Snitch folks. The purpose of their software is to notify me of unusual Internet activity and to stop it unless I agree to it. And it does its job: it tells me whenever an IP address on the Internet wants to connect, on an incoming basis, to Skype via a port that Skype doesn’t normally use. It means that someone on the Internet has figured out that I have a copy of Skype running, and they want to connect to my copy of Skype on a port that Skype doesn’t normally use. And this is activity I’ve never seen before, although I’ve run Skype for many years. So the thought occurred to me that maybe someone has figured out a way to exploit a bug in Skype to turn on my mic and/or camera or, worse, to plant some other kind of malware on my machine. And to do it, they have to start by getting Skype to accept an incoming connection on port 20466. So my question is whether or not anyone else has seen this activity or has some idea what might be going on that is more educated than any of my guesses. I am going to start keeping track of the specific IP addresses (because it comes from a lot of different addresses) that request this access to see if there’s anything unusual about them.




Re: Skype and Port 20466

Fearghas McKay


> On 16 Aug 2017, at 02:13, Fritz Mills <[hidden email]> wrote:
>
> I’m not sure what to ask the Little Snitch folks


The new version has a button that lets you access a dB of what Little Snitch thinks is happening.

        f



Re: Skype and Port 20466

Fritz Mills

> On Aug 15, 2017, at 7:19 PM, Fearghas Mckay <[hidden email]> wrote:
>
>
>
>> On 16 Aug 2017, at 02:13, Fritz Mills <[hidden email]> wrote:
>>
>> I’m not sure what to ask the Little Snitch folks
>
>
> The new version has a button that lets you access a dB of what Little Snitch thinks is happening.
>

Wow! For some reason I wasn’t aware there was a v.4, and I’ve just upgraded. I’ll look for that button, but the interface has changed quite a bit. In the meantime, LS 3’s configuration showed me the IP addresses I’ve blocked so far, and there are eight of them. Doing trace routes I learned that:

2 are in the UK, and the rest are from Romania, Hungary, Brazil, Lithuania, Poland and Canada.

Given that lineup, I’m more suspicious than ever that it is an attempt at some sort of malware. I’ll mention it to Skype.




Re: Skype and Port 20466

Curtis Wilcox
In reply to this post by Fritz Mills
On Aug 15, 2017, at 8:13 PM, Fritz Mills <[hidden email]> wrote:

>> On Aug 15, 2017, at 1:52 PM, Fritz Mills <[hidden email]> wrote:
>>
>> Recently, Little Snitch has started asking me if I want to allow incoming connections to Skype on port 20466 from various IP addresses. Officially Skype does not use port 20466 so I have been denying all these requests. I wonder if there is a bug in Skype that allows an outsider to get into a machine running Skype by accessing Skype through port 20466. Has anyone else seen anything like this out there and/or does anyone have any idea what could possibly be going on?
>
> I’m not sure what to ask the Little Snitch folks. The purpose of their software is to notify me of unusual Internet activity and to stop it unless I agree to it. And it does its job: it tells me whenever an IP address on the Internet wants to connect, on an incoming basis, to Skype via a port that Skype doesn’t normally use.


I don't use Little Snitch, if another computer is requesting to connect to port 20466 on your computer, how does Little Snitch know the remote computer is expecting Skype to be listening at that port number?

> It means that someone on the Internet has figured out that I have a copy of Skype running, and they want to connect to my copy of Skype on a port that Skype doesn’t normally use.


A) A lot of malicious activity is not targeted, they may not know you have Skype running, they may be checking lots of ip addresses for an open port.
B) Even without Little Snitch running, if Skype isn't listening at port 20466, the remote user can't connect to it.

BTW, is the request for port 20466 TCP or UDP? 

I found a page that says "Ground Control" uses UDP ports 20000-21000. I think they're referring to an old Windows game. Maybe the ip address assigned to you by your ISP changed to one that used to be used by someone who ran this multi-player game.







Re: Skype and Port 20466

Roger D. Parish
In reply to this post by Fritz Mills
Thinking further on this, do you have a router between you and the Internet, or do you plug your computer directly in?

If you had a router, it would block unsolicited attempts to connect to your computer. If your computer sees the connection attempt, as evidenced by Little Snitch alerting you, your router must be expecting a return connection at that port. And if Little Snitch is associating Skype with that connection attempt, Skype must have made that request.

Roger D. Parish
Lovettsville, VA



> On Aug 15, 2017, at 1:52 PM, Fritz Mills <[hidden email]> wrote:
>
> Recently, Little Snitch has started asking me if I want to allow incoming connections to Skype on port 20466 from various IP addresses. Officially Skype does not use port 20466 so I have been denying all these requests. I wonder if there is a bug in Skype that allows an outsider to get into a machine running Skype by accessing Skype through port 20466. Has anyone else seen anything like this out there and/or does anyone have any idea what could possibly be going on?





Re: Skype and Port 20466

Mr. Seth Anderson
In reply to this post by Curtis Wilcox

On Aug 16, 2017, at 9:20 AM, Curtis Wilcox <[hidden email]> wrote:

> A) A lot of malicious activity is not targeted, they may not know you have Skype running, they may be checking lots of ip addresses for an open port.

I don’t use Skype, but on my machine, Little Snitch does report hundreds and hundreds of attempted smbd connections from strange locations. I eventually just blocked them all (I’m not totally certain why I would need smbd, but since it is /usr/sbin I assume there could be some valid use for it for someone not me.)

Perhaps the attempted Skype connections are random like this. Little Snitch 4 has a nice, informative global map to visually inspect these connections: I like to keep it running just for the eye-candy of it all



-Seth Anderson
sursum vestri culus

often found at 

or






Re: Skype and Port 20466

Roger D. Parish
smbd is for Windows file sharing. And it is also the starting point for the recent WannaCry plague. On your Mac (and in Linux), the daemon is also known as SaMBa.

Roger D. Parish
Lovettsville, VA



> On Aug 16, 2017, at 10:44 AM, Mr. Seth Anderson <[hidden email]> wrote:
>
>
>> On Aug 16, 2017, at 9:20 AM, Curtis Wilcox <[hidden email]> wrote:
>>
>> A) A lot of malicious activity is not targeted, they may not know you have Skype running, they may be checking lots of ip addresses for an open port.
>
> I don’t use Skype, but on my machine, Little Snitch does report hundreds and hundreds of attempted smbd connections from strange locations. I eventually just blocked them all (I’m not totally certain why I would need smbd, but since it is /usr/sbin I assume there could be some valid use for it for someone not me.)
>
> Perhaps the attempted Skype connections are random like this. Little Snitch 4 has a nice, informative global map to visually inspect these connections: I like to keep it running just for the eye-candy of it all
>
>
>
> -Seth Anderson
> sursum vestri culus
>
> often found at
> http://www.b12partners.net/wp/
>
> or
>
> http://www.twitter.com/swanksalot
>
>
>





Re: Skype and Port 20466

Fritz Mills
In reply to this post by Curtis Wilcox

On Aug 16, 2017, at 9:20 AM, Curtis Wilcox <[hidden email]> wrote:



> I don't use Little Snitch, if another computer is requesting to connect to port 20466 on your computer, how does Little Snitch know the remote computer is expecting Skype to be listening at that port number?

I don’t know how Little Snitch works, but I don’t think Skype is intended to be listening. From Skype’s support:

For Skype to work correctly, the following ports need to be open in your firewall:

  • 443/TCP
  • 3478-3481/UDP
  • 49152-65535/UDP + TCP

I don’t see 20466 as being included in that listing.


> B) Even without Little Snitch running, if Skype isn't listening at port 20466, the remote user can't connect to it.

Unless there’s a bug in Skype’s code that someone has figured out they can exploit by connecting


> BTW, is the request for port 20466 TCP or UDP?

I don’t know

FWIW, none of the connection attempts originated in the US. They came from Romania, Lithuania, Hungary, Poland, Brazil, the UK, and Canada.





Re: Skype and Port 20466

Fritz Mills
In reply to this post by Roger D. Parish
As it turns out, all the attempts occurred at my father’s house, where he has a Comcast modem and that’s it. At my house, where I have a SonicWall firewall, I have never seen this activity. Maybe I should look at the SonicWall logs.


> On Aug 16, 2017, at 9:34 AM, Roger D. Parish <[hidden email]> wrote:
>
> Thinking further on this, do you have a router between you and the Internet, or do you plug your computer directly in?
>
> If you had a router, it would block unsolicited attempts to connect to your computer. If your computer sees the connection attempt, as evidenced by Little Snitch alerting you, your router must be expecting a return connection at that port. And if Little Snitch is associating Skype with that connection attempt, Skype must have made that request.
>
> Roger D. Parish
> Lovettsville, VA
>
>
>
>> On Aug 15, 2017, at 1:52 PM, Fritz Mills <[hidden email]> wrote:
>>
>> Recently, Little Snitch has started asking me if I want to allow incoming connections to Skype on port 20466 from various IP addresses. Officially Skype does not use port 20466 so I have been denying all these requests. I wonder if there is a bug in Skype that allows an outsider to get into a machine running Skype by accessing Skype through port 20466. Has anyone else seen anything like this out there and/or does anyone have any idea what could possibly be going on?
>
>
>




Re: Skype and Port 20466

Curtis Wilcox
In reply to this post by Fritz Mills
On Aug 16, 2017, at 11:51 AM, Fritz Mills <[hidden email]> wrote:

>> On Aug 16, 2017, at 9:20 AM, Curtis Wilcox <[hidden email]> wrote:
>>
>> I don't use Little Snitch, if another computer is requesting to connect to port 20466 on your computer, how does Little Snitch know the remote computer is expecting Skype to be listening at that port number?
>
> I don’t know how Little Snitch works, but I don’t think Skype is intended to be listening. From Skype’s support:
>
> For Skype to work correctly, the following ports need to be open in your firewall:
>
>   • 443/TCP
>   • 3478-3481/UDP
>   • 49152-65535/UDP + TCP
>
> I don’t see 20466 as being included in that listing.


Looks like you copied that from this page, which is about Skype for Windows:


I didn't find a page about ports for Skype on the Mac. I don't think Skype requires any incoming firewall ports open anyway, it can work with all clients reaching out to Microsoft servers, past their respective firewalls and NAT routers. Back in the day, I think Skype used to attempt peer-to-peer connections but after buying it, Microsoft changed it to always use their servers as an intermediary. You don't have any ports open in your SonicWall firewall at home specifically for Skype, right?


>> B) Even without Little Snitch running, if Skype isn't listening at port 20466, the remote user can't connect to it.
>
> Unless there’s a bug in Skype’s code that someone has figured out they can exploit by connecting


If Skype isn't already listening on port 20466, the malicious code can't connect to it. In TCP/IP networking, first you have to connect to a port, then you can talk to a program connected to that port. But a port doesn't even exist on your computer until a program opens it (including programs that are a part of the OS).

If someone has already exploited Skype on your computer, say by taking advantage of a hypothetical buffer overflow bug triggered by a profile picture, then maybe they could make Skype *start* listening on port 20466 but it would already be too late, it's already exploited.

>> BTW, is the request for port 20466 TCP or UDP?
>
> I don’t know


I would expect Little Snitch to differentiate between 20466/TCP and 20466/UDP but if this all happened in another location and if Little Snitch doesn't log all of these notifications, I guess you can't tell at the moment.

I'm still puzzled why Little Snitch associated the connection attempt on that port with Skype. Maybe it was just making an educated guess.





Re: Skype and Port 20466

Fritz Mills

On Aug 16, 2017, at 5:42 PM, Curtis Wilcox <[hidden email]> wrote:

>> On Aug 16, 2017, at 11:51 AM, Fritz Mills <[hidden email]> wrote:
>>
>> I don’t know how Little Snitch works, but I don’t think Skype is intended to be listening. From Skype’s support:
>>
>> For Skype to work correctly, the following ports need to be open in your firewall:
>>
>>   • 443/TCP
>>   • 3478-3481/UDP
>>   • 49152-65535/UDP + TCP
>>
>> I don’t see 20466 as being included in that listing.
>
> Looks like you copied that from this page, which is about Skype for Windows:



Yes, I did. Like you, I searched for the Mac specific page and that’s the page that Skype support kept taking me to.

> I didn't find a page about ports for Skype on the Mac. I don't think Skype requires any incoming firewall ports open anyway, it can work with all clients reaching out to Microsoft servers, past their respective firewalls and NAT routers. Back in the day, I think Skype used to attempt peer-to-peer connections but after buying it, Microsoft changed it to always use their servers as an intermediary. You don't have any ports open in your SonicWall firewall at home specifically for Skype, right?

Right



> I'm still puzzled why Little Snitch associated the connection attempt on that port with Skype. Maybe it was just making an educated guess.


Yeah. Me too. That’s why I asked the question. Thanks for your explanation.






Re: Skype and Port 20466

Al Varnell
On Thu, Aug 17, 2017 at 02:50 PM, Fritz Mills wrote:
> On Aug 16, 2017, at 5:42 PM, Curtis Wilcox wrote:
>> I'm still puzzled why Little Snitch associated the connection attempt on that port with Skype. Maybe it was just making an educated guess.
>
> Yeah. Me too. That’s why I asked the question. Thanks for your explanation.

Little Snitch doesn't need to guess about any of this. It's very accurate and the information that drives it can be easily obtained by anybody using Activity Monitor. All port requests must be associated with a Process ID (PID) which can be directly associated with a specific app or process. If LS says it is Skype that is requesting a specific port number, then that's exactly what is happening.

I cleared all my LS rules and started over to see if 20466 ever shows up on my setup and will report if it does. Not really a Skype user, so my experience may not match yours.

-Al-
-- 
Al Varnell
Mountain View, CA








Re: Skype and Port 20466

Curtis Wilcox
On Aug 17, 2017, at 10:40 PM, Al Varnell <[hidden email]> wrote:

>
> On Thu, Aug 17, 2017 at 02:50 PM, Fritz Mills wrote:
>> On Aug 16, 2017, at 5:42 PM, Curtis Wilcox wrote:
>>> I'm still puzzled why Little Snitch associated the connection attempt on that port with Skype. Maybe it was just making an educated guess.
>>
>> Yeah. Me too. That’s why I asked the question. Thanks for your explanation.
>
> Little Snitch doesn't need to guess about any of this. It's very accurate and the information that drives it can be easily obtained by anybody using Activity Monitor. All port requests must be associated with a Process ID (PID) which can be directly associated with a specific app or process. If LS says it is Skype that is requesting a specific port number, then that's exactly what is happening.
>
> I cleared all my LS rules and started over to see if 20466 ever shows up on my setup and will report if it does. Not really a Skype user, so my experience may not match yours.



According to Fritz, Little Snitch was reporting that remote ip addresses were requesting to connect to port 20466, he didn't say that Skype was listening on that port number. I don't use Little Snitch, are you saying it will only associate a port number with an application if that application is listening on that number at that moment?

You can see what ports Skype (or anything else) is using (including simply listening without an active connection to another ip address) by opening the Terminal and running the command 'nettop'. Use the down arrow key to scroll through the list of processes and their open ports (page down to skip a screen at a time). Widen the Terminal window to see more information, like bytes in and out on a per-process and per-connection basis. Press 'q' to quit.





Re: Skype and Port 20466

Fritz Mills

> On Aug 18, 2017, at 7:14 AM, Curtis Wilcox <[hidden email]> wrote:
>
>
> You can see what ports Skype (or anything else) is using (including simply listening without an active connection to another ip address) by opening the Terminal and running the command 'nettop'. Use the down arrow key to scroll through the list of processes and their open ports (page down to skip a screen at a time). Widen the Terminal window to see more information, like bytes in and out on a per-process and per-connection basis. Press 'q' to quit.
>
>


I just tried that and Skype _does_have_ port 20466 open for both TCP and UDP. Because I’ve blocked both, neither is connected to an external IP address (four other open ports are connected to external IP addresses. Those ports range from 49805 to 49924). The state for 20466 TCP is “listening”, the state for UDP is blank. But the UDP port shows 20 KiB in and 47 KiB out, while the TCP port shows no activity. FWIW, the machine has been rebooted since I blocked the port, so I’m not sure how that activity has occurred.

In any event, Skype is working properly with the 20466 blocked (I don’t use it that often, but I just tested it).





Re: Skype and Port 20466

Curtis Wilcox
On Aug 20, 2017, at 4:02 PM, Fritz Mills <[hidden email]> wrote:

> I just tried that and Skype _does_have_ port 20466 open for both TCP and UDP. Because I’ve blocked both, neither is connected to an external IP address (four other open ports are connected to external IP addresses. Those ports range from 49805 to 49924). The state for 20466 TCP is “listening”, the state for UDP is blank. But the UDP port shows 20 KiB in and 47 KiB out, while the TCP port shows no activity. FWIW, the machine has been rebooted since I blocked the port, so I’m not sure how that activity has occurred.
>
> In any event, Skype is working properly with the 20466 blocked (I don’t use it that often, but I just tested it).



I don't think it was asked before but in your Skype Preferences, Advanced, is 20466 set as your Incoming connection port? For me, the port number specified there is the only one Skype is listening to (TCP & UDP) on IPv4 that can be reached (udp4 127.0.0.1:60032 and udp6 *.60033 are open but not reachable). When you're home, you're behind your network's firewall that's blocking 20466 anyway. The requests Little Snitch blocked were while you were at your father's and directly connected to the cable modem.

I'm not sure what Skype still uses direct connections for, maybe something like file transfers or screen sharing. It's probably meant to be used while a call is underway but I wouldn't be surprised if people have found exploits through it. You could check the box to only allow direct connections from your contacts as another layer of defense.
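
Added example, not part of any poster's message: the check discussed in the two posts above (which sockets a process holds open, and which of them can be reached from outside the machine) written as a Python script. It assumes the column layout of `lsof -nP -i` output; the sample listing is constructed, and the documented port list is the one quoted in the thread from Skype's support page.

```python
import ipaddress
import sys
from typing import NamedTuple

# Ports quoted in the thread from Skype's support page: (protocol, low, high).
DOCUMENTED = [("TCP", 443, 443), ("UDP", 3478, 3481),
              ("TCP", 49152, 65535), ("UDP", 49152, 65535)]

# Constructed sample in the column layout of `lsof -nP -i`; every value is
# invented, shaped after the sockets described in the thread.
SAMPLE = """\
COMMAND       PID USER            FD  TYPE DEVICE SIZE/OFF NODE NAME
Skype         612 fritz           23u IPv4 0xa1   0t0      TCP  *:20466 (LISTEN)
Skype         612 fritz           24u IPv4 0xa2   0t0      UDP  *:20466
Skype         612 fritz           25u IPv4 0xa3   0t0      UDP  127.0.0.1:60032
Skype         612 fritz           26u IPv6 0xa4   0t0      TCP  [::1]:49200 (LISTEN)
Skype         612 fritz           27u IPv4 0xa5   0t0      TCP  192.168.1.20:49805->203.0.113.10:443 (ESTABLISHED)
mDNSResponder 88  _mdnsresponder  12u IPv4 0xa6   0t0      UDP  *:5353
"""


class Sock(NamedTuple):
    command: str
    pid: int
    proto: str       # "TCP" or "UDP"
    host: str        # local address, "*" for the wildcard
    port: int        # local port
    state: str       # TCP state, "" for UDP
    connected: bool  # True when the NAME column has a "->remote" part


def parse_lsof(text):
    """Parse `lsof -nP -i` lines into Sock records, skipping anything else."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or f[7] not in ("TCP", "UDP"):
            continue  # header line or a non-internet entry
        local, _, remote = f[8].partition("->")
        host, _, port = local.rpartition(":")
        if not port.isdigit():
            continue  # unbound socket such as "*:*"
        state = f[9].strip("()") if len(f) > 9 else ""
        socks.append(Sock(f[0], int(f[1]), f[7], host.strip("[]"),
                          int(port), state, bool(remote)))
    return socks


def is_loopback(host):
    """True for 127.0.0.0/8 and ::1; the wildcard "*" is not loopback."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def reachable_listeners(socks):
    """Sockets waiting for unsolicited traffic on a non-loopback address."""
    result = []
    for s in socks:
        waiting = ((s.proto == "TCP" and s.state == "LISTEN") or
                   (s.proto == "UDP" and not s.connected))
        if waiting and not is_loopback(s.host):
            result.append(s)
    return result


def is_documented(s):
    """True when the socket's protocol and port fall in a DOCUMENTED range."""
    return any(p == s.proto and lo <= s.port <= hi for p, lo, hi in DOCUMENTED)


def audit(text, command):
    """(protocol, port) pairs a process listens on outside the documented list."""
    return [(s.proto, s.port)
            for s in reachable_listeners(parse_lsof(text))
            if s.command == command and not is_documented(s)]


if __name__ == "__main__":
    # Pipe real output in (lsof -nP -i | python3 this_file.py) or run bare
    # to use the constructed sample.
    listing = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for proto, port in audit(listing, "Skype"):
        print(f"Skype is listening on undocumented {proto} port {port}")
```

A listener that shows up here is only reachable from the Internet if no router, NAT or firewall sits in front of the machine, which is the difference between the two locations described in the thread.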





Re: Skype and Port 20466

Fritz Mills

> On Aug 21, 2017, at 11:55 AM, Curtis Wilcox <[hidden email]> wrote:
>
> I don't think it was asked before but in your Skype Preferences, Advanced, is 20466 set as your Incoming connection port? For me, the port number specified there is the only one Skype is listening to (TCP & UDP) on IPv4 that can be reached (udp4 127.0.0.1:60032 and udp6 *.60033 are open but not reachable). When you're home, you're behind your network's firewall that's blocking 20466 anyway. The requests Little Snitch blocked were while you were at your father's and directly connected to the cable modem.
>
> I'm not sure what Skype still uses direct connections for, maybe something like file transfers or screen sharing. It's probably meant to be used while a call is underway but I wouldn't be surprised if people have found exploits through it. You could check the box to only allow direct connections from your contacts as another layer of defense.
>
>
>

Well, what do you know. In Skype Preferences—>Advanced, port 20466 is set as my incoming port. I didn’t do that, so it must be a default, which would make it a logical target for exploits. If I try to make the field blank, Skype won’t let me, so it must be used for something legitimate, but Skype is working fine for me with it blocked.








Re: Skype and Port 20466

Al Varnell

On Mon, Aug 21, 2017 at 05:02 PM, Fritz Mills wrote:

>
>> On Aug 21, 2017, at 11:55 AM, Curtis Wilcox <[hidden email]> wrote:
>>
>> I don't think it was asked before but in your Skype Preferences, Advanced, is 20466 set as your Incoming connection port? For me, the port number specified there is the only one Skype is listening to (TCP & UDP) on IPv4 that can be reached (udp4 127.0.0.1:60032 and udp6 *.60033 are open but not reachable). When you're home, you're behind your network's firewall that's blocking 20466 anyway. The requests Little Snitch blocked were while you were at your father's and directly connected to the cable modem.
>>
>> I'm not sure what Skype still uses direct connections for, maybe something like file transfers or screen sharing. It's probably meant to be used while a call is underway but I wouldn't be surprised if people have found exploits through it. You could check the box to only allow direct connections from your contacts as another layer of defense.
>>
>>
>>
>
> Well, what do you know. In Skype Preferences—>Advanced, port 20466 is set as my incoming port. I didn’t do that, so it must be a default, which would make it a logical target for exploits. If I try to make the field blank, Skype won’t let me, so it must be used for something legitimate, but Skype is working fine for me with it blocked.

I'm quite certain that 6904 has always been my default Incoming connection port. I don't understand how others could possibly contact you without having an incoming connection port in listening mode.

-Al-




Re: Skype and Port 20466

Fritz Mills

> On Aug 21, 2017, at 7:41 PM, Al Varnell <[hidden email]> wrote:
>
>
> On Mon, Aug 21, 2017 at 05:02 PM, Fritz Mills wrote:
>>
>>> On Aug 21, 2017, at 11:55 AM, Curtis Wilcox <[hidden email]> wrote:
>>>
>>> I don't think it was asked before but in your Skype Preferences, Advanced, is 20466 set as your Incoming connection port? For me, the port number specified there is the only one Skype is listening to (TCP & UDP) on IPv4 that can be reached (udp4 127.0.0.1:60032 and udp6 *.60033 are open but not reachable). When you're home, you're behind your network's firewall that's blocking 20466 anyway. The requests Little Snitch blocked were while you were at your father's and directly connected to the cable modem.
>>>
>>> I'm not sure what Skype still uses direct connections for, maybe something like file transfers or screen sharing. It's probably meant to be used while a call is underway but I wouldn't be surprised if people have found exploits through it. You could check the box to only allow direct connections from your contacts as another layer of defense.
>>>
>>>
>>>
>>
>> Well, what do you know. In Skype Preferences—>Advanced, port 20466 is set as my incoming port. I didn’t do that, so it must be a default, which would make it a logical target for exploits. If I try to make the field blank, Skype won’t let me, so it must be used for something legitimate, but Skype is working fine for me with it blocked.
>
> I'm quite certain that 6904 has always been my default Incoming connection port. I don't understand how others could possibly contact you without having an incoming connection port in listening mode.
>
Google searches are unusually opaque on this issue, as is Skype’s support, but I think the answer might be that Skype uses ports 443 and 80 for much of what it does. Most of the documentation I can find is Windows-specific, which isn’t very helpful. You can, apparently, specify any incoming port you want, between 1024 and 65535. I don’t know why my copy chose port 20466. But I know that Little Snitch blocks port 20466 on my MacBook Pro and I am able to use Skype. I will say I haven’t tried to use the video feature since blocking, but I haven’t used the video feature in years anyway. So it may be related to that. But when I did last use the video feature (and it worked fine), I had the same SonicWall firewall appliance I have now in place, and that firewall almost certainly blocks port 20466 because I have never gotten the port 20466 Little Snitch alerts when I’ve been behind it (I haven't configured the SonicWall one way or the other with respect to port 20466. I’m not that technical). So I don’t know any of the answers, and that’s why I asked the question.


