Thursday, 29 December 2011

Skype Super Nodes - Are You One?

I'd like to keep this article as simple as possible without getting into a long drawn-out discussion on Skype Super Nodes, Relay Hosts, or the technical methods of detecting if your bandwidth is being eaten up by your PC acting as a Skype Super Node, or Relay Host.

I'm certainly not an expert on this subject.  But, I have done some homework and have come up with some basic understanding of who potentially becomes a Super Node or Relay Host for Skype.

More importantly, I'd like to convey just the two basic steps you can take to prevent your PC from becoming one of Skype's Super Nodes.

What Is A Skype Super Node?
"A Super Node is a Skype client that has a public IP address and enough spare CPU cycles, RAM, and bandwidth to take on additional duties for the Skype P2P network. Super Nodes hold a portion (up to several hundred users) of the distributed Skype directory."

Super Nodes essentially act as look-up directories allowing Skype users (Skype clients) to find and connect to other Skype users (other Skype clients).

What is a Skype Relay Host?
"A relay host is a Skype client that has a public IP address and enough spare CPU cycles, RAM, and bandwidth to relay Skype content for other Skype users who are behind restrictive firewalls or are otherwise unable to communicate with each other directly."

The Relay Host acts as an intermediary for relaying audio, video, and other content between Skype clients that are unable to make direct connections between themselves. This is usually because the two Skype clients that want to connect can't, due to being behind a NAT/Firewall network router.

What's The Bottom Line Here?
The bottom line is that if your PC becomes a Super Node or Relay Host, your PC could potentially be using significantly more Internet bandwidth than you should be using (or want to be using).

Two Basic Steps To Help Prevent Becoming A Super Node, or Relay Host:
  1. Make sure your PC is behind a hardware NAT/Router/Firewall.
  2. Disable Skype's use of Ports 80 and 443.

1) - Make Sure You Are Behind a Hardware-Enabled NAT/Router/Firewall
Nowadays, everyone should be behind a hardware-enabled NAT/Router/Firewall, for security reasons, if for no other reason.  This step alone may be all it takes to ensure you don't become a Super Node.

2) - Disable Skype's use of Ports 80 and 443
This step is easily done by navigating to Skype's Options --> Advanced --> Connections settings.
In this dialog box, "uncheck" the option "Use Port 80 and 443 as alternate incoming connections".  This step is crucial, if you are not behind a NAT/Router/Firewall (but, you really should be).  If you are behind a NAT/Router/Firewall, this step may be optional.  However, I always do this myself, just for the added peace of mind.  (But, it does mean doing some extra work, like Port-Triggering in your router to pass on (trigger Open) Skype's randomly set port.)

2a) - While here, also note the port value randomly set by Skype to use instead of ports 80 and 443.

2b) - Be sure to Port-Forward, or Port Trigger on the port value used as the primary port for Skype to listen for incoming connections.  To do this, you will need to know how to administer the settings in your NAT/Router/Firewall connected between your PC and the Internet modem.
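
To confirm that step 2 took effect, Skype's listening sockets can be compared against its process ID. The following is an added example, not part of the original article: it parses the output of `netstat -ano` and `tasklist /fo csv /nh`; the sample text is constructed and the image name `Skype.exe` is an assumption.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       788
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:51234          0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.20:51300     203.0.113.7:443        ESTABLISHED     2212
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:51234          *:*                                    2212
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''\
"System","4","Services","0","1,024 K"
"svchost.exe","788","Services","0","8,112 K"
"Skype.exe","2212","Console","1","96,540 K"
'''

ALTERNATE_PORTS = (80, 443)  # the ports named in step 2


def skype_pids(tasklist_csv, image="skype.exe"):  # image name is an assumption
    """Return the PIDs whose image name matches the Skype client."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]) for r in rows if len(r) > 1 and r[0].lower() == image}


def listeners(netstat_text):
    """Yield (proto, port, pid) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            yield "TCP", int(f[1].rsplit(":", 1)[1]), int(f[4])
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            yield "UDP", int(f[1].rsplit(":", 1)[1]), int(f[3])


def audit(netstat_text, tasklist_csv):
    """Report Skype's listeners: ports 80/443 (should be empty) and the rest."""
    pids = skype_pids(tasklist_csv)
    mine = [(proto, port) for proto, port, pid in listeners(netstat_text) if pid in pids]
    alternate = sorted({p for proto, p in mine if proto == "TCP" and p in ALTERNATE_PORTS})
    primary = sorted({p for _, p in mine if p not in ALTERNATE_PORTS})
    return {"alternate_ports_open": alternate, "primary_ports": primary}


if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT, SAMPLE_TASKLIST))
```

An empty `alternate_ports_open` list means the option from step 2 is off; the value in `primary_ports` is the port noted in step 2a and forwarded or triggered in step 2b.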

In Conclusion
If you are able to perform the steps listed above, it appears to be unlikely that your PC will become one of Skype's notorious Super Nodes or Relay Hosts.

It is also possible to restrict Skype's ability to act as a Super Node by use of Windows Policies using registry keys and Skype's config files.  Skype's Network Admin Guide reveals what the settings are.

Skype: A Practical Security Analysis - by Bert Hayes, SANS Institute
Guide For Network Administrators - by Skype Biz
Skype Relay Calls: Measurements and Experiments - by Dept. of Computer Science, Columbia University