Skype still down - Published DoS exploit may be culprit

Summary:[UPDATE 8/18/2007 - Another Russian site is claiming this was a DoS attack against Skype's authentication servers.  Skype continue to deny.

[UPDATE 8/18/2007 - Another Russian site is claiming this was a DoS attack against Skype's authentication servers.  Skype continue to deny.] 

It's been a day and Skype is still down for me.  The task tray Skype logo never turns green for me and it keeps trying to connect.  The service was intermittently up on Thursday afternoon Pacific Standard Time but it hard down now.

Valery Marchuk of SecurityLab.ru may have an explanation for this world wide outage for Skype.  Marchuk posted the following message on the full disclosure mailing list:

Valery Marchuk: On SecurityLab.ru forum an exploit code was published by an anonymous user.  Reportedly it must have caused Skype massive disconnections today.

The PoC uses standard Skype client to call to a specific number. This call causes denial of service of current Skype server and forces Skype to reconnect to another server. The new server also "freezes" and so on ... the entire network.

Marchuk posted a link to the PoC (Proof of Concept) code for the exploit which I've left out.  If this is true, this sounds like the kind of low-cost non-brute force DoS (Denial of Service) attack that can bring down an entire service.  Since Skype is still down, this may be a very plausible explanation.

Skype is denying this is some kind of attack and posted the following note:

Hello everyone,

Apologies for the delay, but we can now update you on the Skype sign-on issue. As we continue to work hard at resolving the problem, we wanted to dispel some of the concerns that you may have. The Skype system has not crashed or been victim of a cyber attack. We love our customers too much to let that happen. This problem occurred because of a deficiency in an algorithm within Skype networking software. This controls the interaction between the user’s own Skype client and the rest of the Skype network.

Rest assured that everyone at Skype is working around the clock — from Tallinn to Luxembourg to San Jose — to resume normal service as quickly as possible.

Topics: Social Enterprise, Collaboration

About

George Ou, a former ZDNet blogger, is an IT consultant specializing in Servers, Microsoft, Cisco, Switches, Routers, Firewalls, IDS, VPN, Wireless LAN, Security, and IT infrastructure and architecture.

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.