On 5/31/07, Russell McMahon wrote: > Any product that does its very very best to bypass security > arrangements as a matter of course must be an attaractive target for > others who would hope to be able to use it as a conduit for their own > nefarious products. I was seeking to convey not that it constituted a > ecurity risk in its own right but because it might provide a means of > attack for others to utilise. I've used teamspeak before. It doesn't use any NAT reverse-traversal. This means that if you run a teamspeak server you must explicitly set your firewall up to allow incoming teamspeak connections. One advantage to this method is it doesn't require a third party server to enable the connection, thus you can more easily maintain your privacy - no one need know about your server, nor who and when others are connecting to it (other than your ISP, etc). Compared to Skype, this is much more risky - the port is always open. Skype tricks the NAT into thinking there is an outgoing connection, which allows an external incoming connection for only a brief time, from an expected IP and port combination, and during an expected and wanted transaction. This method requires a third party server to enable the NAT reverse traversal technique. Further, the NAT reverse traversal technique is only required if both sides of the conversation have firewalls. In either case, _any_ hacking attempt will have to go through either teamspeak or skype's program. So you have two strikes against skype - you don't like the NAT reverse traversal technique, and you don't like the peer to peer model which allows them to use your computer in exchange for a good, free communications program. I believe that Skype's method is slightly safer than teamspeak's method, since the port does not always have to remain open, and promiscuous - In other words, while the teamspeak port is open any computer anywhere can connect and attempt a hack. Skype's technique limits the incoming connection to an IP and port negotiated by the third party server - if you don't hit connect or accept in skype, then the port is never opened. If you hit connect or accept, the port is opened for a brief time for exactly one IP address and port combination due to the way the NAT method works. IPs can be spoofed, to a degree, for UDP packets, but skype will likely disconnect if the TCP control channel isn't maintained, and that cannot be IP spoofed across the internet - it would have to be done locally or at the ISP. So I believe your first issue is baseless. The NAT reverse traversal method works under a variety of firewalls and such precisely because those firewalls allow outgoing connections. If they didn't, you couldn't browse the web. This fundamental "flaw" in the firewall is the weak spot you are really complaining about, and if it really bothers you then your best bet is to disconnect from the internet. There is no solution for the second problem. If you aren't willing to trade some of your computer and internet resources with Skype, I don't see why they should give you free service. Teamspeak isn't really a phone solution anyway - it's more of a conferencing platform. I have used it before, primarily for gaming, and it does work as advertised. I don't use skype or teamspeak for person to person calling, though, as I have a cell phone and a plan which fits my needs. I suppose if I were calling outside the US I would find a much cheaper solution very quickly, though. I don't mean to call you a tin-foil hatter, but do you honestly believe the risk outweighs the benefits for Skype? It seems that you are extraordinarily cautious about cracking attempts - you must have been cracked before? Most interestingly, though, is that you are very leery of Skype the company. As though you expect that they would use significant computer and internet resources, and possibly do other nasty things. As you pointed out, they have a very large fan base that watches them very closely. I seriously doubt they would be able to get anything significant by anyone. Ah, the philosophy of software. Pretty soon no one will know or care what an OS or the internet is or does. They'll just have always on devices that do a variety of tasks, and it won't matter whether their stuff is stored or processed locally or remotely, as long as they can use it when and where they want to. -Adam -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Moving in southeast Michigan? Buy my house: http://ubasics.com/house/ Interested in electronics? Check out the projects at http://ubasics.com Building your own house? Check out http://ubasics.com/home/ -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist