How Does Software like Skype Bypass Firewalls?

To protect computer systems from internet threats, they are placed behind a firewall. Preferably, a router performs some of the firewall functions, such as translating the PC’s local network address to the public IP address; this process is called NAT (Network Address Translation). This means there is no direct access to the PC from outside, so connections need to be established from the inside.

Some smart and specially engineered applications like Skype are known to get past the majority of secure networks and firewalls. How?
One of the worst nightmares for a network administrator is P2P, or peer-to-peer, software. These applications use some subtle tricks to bypass the firewall so that they can exchange data packets with one another as quickly and directly as possible, whereas firewalls are there to protect against packets arriving from the outside world.
This is a problem if two computers want to talk to each other: the NAT firewall will block all such communication and decline all the calls, for protection, and this is exactly what a network administrator would expect.

Punching a hole through the firewall
Anyone using Skype or similar applications knows that they work effortlessly behind a NAT firewall. The inventors of such applications have come up with a solution.
For users to view websites and read email, the firewall must let packets pass into the local network. However, it does so only when it is convinced that the packets are a response to a request made by the user. So a NAT router keeps track of all communication between internal and external computers and the ports they are using, and maintains a log of all the entries.

Let me explain with an example:
VoIP (Voice over Internet Protocol) uses a trick to persuade the firewall that a connection has been established, so that the firewall allows the incoming data packets. Instead of TCP, VoIP uses UDP, which is a connectionless protocol, and Skype also takes advantage of this by using the same protocol for communication. So the firewall sees only the addresses and ports of the sender and receiver, and if a packet matches an entry in the NAT’s log, it lets the communication take place with a clear conscience.
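The matching rule described above can be modelled in a few lines. This is an added illustration, not code from the original post or from any router: the class and function names are hypothetical, the addresses and ports are constructed sample values, and it assumes a router that matches on both the remote address and the remote port.

```python
# Added illustration: a toy model of the NAT router's tracking table.
# All addresses and ports are constructed sample values (documentation ranges).

class NatRouter:
    """Tracks outbound UDP flows and admits only inbound packets that match one."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}   # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.ports = {}   # (lan_ip, lan_port) -> public_port

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a datagram: translate the source and log the flow."""
        key = (lan_ip, lan_port)
        if key not in self.ports:
            self.ports[key] = self.next_port
            self.next_port += 1
        public_port = self.ports[key]
        self.table[(public_port, remote_ip, remote_port)] = key
        return (self.public_ip, public_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """A datagram arrives from outside: return the LAN target, or None if dropped."""
        return self.table.get((public_port, remote_ip, remote_port))


def demo():
    nat = NatRouter("203.0.113.10")
    # Unsolicited datagram: nothing in the table yet, so it is dropped.
    unsolicited = nat.inbound("198.51.100.7", 5000, 40000)
    # The PC sends first; the router logs the flow and rewrites the source.
    seen_as = nat.outbound("192.168.1.20", 3478, "198.51.100.7", 5000)
    # A datagram from the same remote address and port matches the entry.
    reply = nat.inbound("198.51.100.7", 5000, seen_as[1])
    # Same remote host but a different source port: no match, dropped.
    other_port = nat.inbound("198.51.100.7", 5001, seen_as[1])
    return unsolicited, seen_as, reply, other_port


if __name__ == "__main__":
    print(demo())
```

Because UDP carries no handshake, the table entry is the only evidence the router has that the inbound datagram is a response, which is why an administrator reviewing such traffic looks at which internal host created the entry.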

Friday, March 26, 2010
