X
Business

Skype still down - Published DoS exploit may be culprit

[UPDATE 8/18/2007 - Another Russian site is claiming this was a DoS attack against Skype's authentication servers.  Skype continue to deny.
Written by George Ou, Contributor

[UPDATE 8/18/2007 - Another Russian site is claiming this was a DoS attack against Skype's authentication servers.  Skype continue to deny.] 

It's been a day and Skype is still down for me.  The task tray Skype logo never turns green for me and it keeps trying to connect.  The service was intermittently up on Thursday afternoon Pacific Standard Time but it hard down now.

Valery Marchuk of SecurityLab.ru may have an explanation for this world wide outage for Skype.  Marchuk posted the following message on the full disclosure mailing list:

Valery Marchuk: On SecurityLab.ru forum an exploit code was published by an anonymous user.  Reportedly it must have caused Skype massive disconnections today.

The PoC uses standard Skype client to call to a specific number. This call causes denial of service of current Skype server and forces Skype to reconnect to another server. The new server also "freezes" and so on ... the entire network.

Marchuk posted a link to the PoC (Proof of Concept) code for the exploit which I've left out.  If this is true, this sounds like the kind of low-cost non-brute force DoS (Denial of Service) attack that can bring down an entire service.  Since Skype is still down, this may be a very plausible explanation.

Skype is denying this is some kind of attack and posted the following note:

Hello everyone,

Apologies for the delay, but we can now update you on the Skype sign-on issue. As we continue to work hard at resolving the problem, we wanted to dispel some of the concerns that you may have. The Skype system has not crashed or been victim of a cyber attack. We love our customers too much to let that happen. This problem occurred because of a deficiency in an algorithm within Skype networking software. This controls the interaction between the user’s own Skype client and the rest of the Skype network.

Rest assured that everyone at Skype is working around the clock — from Tallinn to Luxembourg to San Jose — to resume normal service as quickly as possible.

Editorial standards