Like DNS, Skype is susceptible to DoS attacks, but poor Byzantine fault tolerance might be the cause.

Well, maybe. Skype is very close to DNS in architecture. Most peer-to-peer networks rely on some type of server, or at least contain some other form of helper for the normal clients. This makes sense for many reasons. So I was going to write this post last night on how I think this might be a DoS attack, and it turns out that it really might be a DoS attack (maybe). George Ou, security news analyst for ZDNet, recently said that the service has been up at times but then doesn't last. He points out that Marchuk is posting the following message on the Full Disclosure mailing list.

Valley Marchuk: On Security.rub forum an exploit code was published by an anonymous user.  Reportedly it must have caused Skype massive disconnections today.

The PoC uses standard Skype client to call to a specific number. This call causes denial of service of current Skype server and forces Skype to reconnect to another server. The new server also “freezes” and so on … the entire network.

Of course, Chief Skyper Villu Arak clearly does not agree that this is the problem. (This is what gets me thinking on my own again, more clues to glue you to the situation.) I actually think it's just a case of a user releasing exploit code when he can easily get attention doing so, but I could be wrong.

As we continue to work hard at resolving the problem, we wanted to dispel some of the concerns that you may have. The Skype system has not crashed or been victim of a cyber attack. We love our customers too much to let that happen. This problem occurred because of a deficiency in an algorithm within Skype networking software.

When Villu talks about an inefficiency in its software, that's good news, I believe. The reason I say that is they are probably not lying, and they are doing more about it than, let's say, FEMA would. There is a problem with what he says, though. If there is a deficiency in their network algorithm, surely the problem would have surfaced long ago. I don't think my boycott of AT&T is going very well, so I'm thinking perhaps there must be something there hidden in the sauce of what's going on here. Only time will tell, unless it's a problem with Xbox 360's, that is.

One last thing I want to note: I actually believe that this will all come down to some inadequate Byzantine fault tolerance type subroutine. Byzantine fault tolerance is basically code to minimize a fault that occurs during the execution of an algorithm by a distributed system. The output of one function is the input of another, and then you have small round-off procedures (Maximum Transmission Unit perhaps) which can cause errors. These errors occur during estimation of data or distribution. If the second function were fed into a third, the problem could grow even larger until the values are worthless or, in this case, very dangerous to the health of the network.

So is this a case of Dynamic Denial of Service (clients attacking themselves with their new Wal*Mart phones)? Or a case of Transmission Transmutation? We will know soon. You'll be able to call folks and find out more.

Lessons learned? Monocultures, especially monocultures that rely on many other clients, are not good monocultures for communication sometimes. I hope it goes back up and they find AT&T was actually behind it all and everyone gets caught red headed. 🙂 Enough with the AT&T hate. (At least until after my morning coffee.)
