Protection from DDoS Attacks – Preventing Skype from leaking your IP

Posted on by | Discuss this article on reddit

Our Toolbox

PuTTY.exe

PuTTY is a neat little program that allows you to do a lot of different things. The specific functions we will be using it for is the ability to tunnel SSH traffic through localhost (127.0.0.1 on port 8080) to our VPS. In laymen’s terms, it will be transferring (or tunneling) all of the data from Skype through a secure connection so that only the IP address of the VPS you’re connected to is being exposed to anyone else. If anyone were to try to resolve your IP address using a resolver, it would either return an error or it would return the IP Address of the Amazon server your VPS is set up on.

PuTTYgen.exe

This is a simple program that we will use that will transform the key we get from Amazon into something that PuTTY can use to authenticate our connection to our VPS.

Windows 7 Firewall

We’re using Windows 7/8/8.1’s Firewall (ANY Firewall with similar functionality can be substituted here) to disable Skype from making connections to the internet.

EC2 Amazon Access

Even though it requires a credit card to sign up for and activate, the only tier we’re interested in is the one that’s free for one year. Amazon may authorize $1 to your CC just to verify that it’s real, but you won’t actually be billed any money. Again, the free-tier which we will be using will be good for 1 year after activation.

The Process

The problem people have with Skype is that it tends to skip over whatever proxy you ask it to use. It doesn’t actually ignore the proxy, but it will simply add it to a list of nodes it will consider connecting to if you’re having trouble maintaining a connection to any of the default Skype servers. For our purposes, this makes the default proxy settings in Skype useless.

Instead of adding our VPS to the Skype proxy list, we’ll add 127.0.0.1:8080, which basically means we’ll be telling Skype to look to our own computer for a connection, rather than going to the internet to search for Microsoft nodes to connect to. “What’s the point, though? You said it won’t even use that most of the time!” That’s where our Windows Firewall comes in! We’ll use Windows 7/8/8.1’s Firewall to block Skype from making ALL outbound connections to the internet. This means that when Skype tries to connect to the internet when you log in, it will see that there is no connection available. This forces it to look to any proxies the user has supplied for a connection. Ordinarily, these would also not work (since all outbound connections are blocked by our Firewall), however, localhost is not an outbound connection and therefore falls outside of W7/8/8.1’s restricted connections. This means we’ve effectively tricked W7’s firewall into becoming a routing tool! Skype will then begin tunneling traffic through localhost, assuming PuTTY is open and you are connected to your EC2 server that you set-up on Amazon.

This setup is simple because it is relatively easy to set-up, and once it is set-up it is impossible to “screw up” and accidentally leak your IP.

This setup is elegant because you are only routing the Skype traffic via an SSH tunnel to an Amazon EC2 instance. You are not routing any extra traffic from any games, and you only require the default firewall on your Windows OS to do the routing.

This setup is reliable because Amazon hosting is one of the most reliable hosts in the world.

This setup is secure because all of your traffic is being routed through Amazon, meaning you are never exposing yourself to any risky or shady third parties.