SKYPE is using whole block of IP addresses from various ranges. Using Wireshark & some digging I found following pools which skype is using for its various functions.BUT do remember that with new updates/ver more hosts can be added. for this purpose you can use Catch Skype Script on mikrotik to detect new addresses and add them to the list.
Also it is possible that some valid/legitimate sites may get blocked with this approach, just find the right ip address of the particular site, and allow it before the deny rule.
Use following code and then try to connect to SKYPE and watch the results. This is purely Hit & Trial method , try it and post your comments or if you have some better way to block SKYPE do let me know.SKYPE have different server’s for different regions, so probably these destinations may not work for you, but at least they are working in Pakistan.
Regard’s
Syed Jahanzaib
/ip fi ad add address=111.221.74.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=111.221.77.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=157.55.130.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=157.55.235.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=157.55.56.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=157.56.52.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=194.165.188.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=195.46.253.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=213.199.179.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=63.245.217.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=64.4.23.0/24 comment=disable_skype disabled=no list=skype_servers_z add address=65.55.223.0/24 comment=disable_skype disabled=no list=skype_servers_z /ip firewall filter add action=drop chain=forward disabled=no dst-address-list=skype_servers_z
▼
After blocking, Result as showed in the image below . . .
▼
Also read following …
Script to catch all URL name with SKYPE name using DNS cache , and add them to ADDRESS LIST
Today , a good friend (VirtualIT Support) forwarded me a script which catch all URL IP addresses which have ‘Skype‘ in DNS CACHE and then add it to a address list.
Schedule this script to run after every 10-15 minutes, it will check every dns entry (in dns cache) and will add any URL name which have Skype in it to the address list. then using Firewall FILTER , you can block this list (in FORWARD chain)
Just copy paste the following code in terminal. Then add schedule or manually run it, try to login to skype few times, and run the script, every time it will add few ip addresses to the list : )
/sys script add name=skype_script policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source=":foreach i in=[/ip dns cache find] do={\r\ \n :local bNew \"true\";\r\ \n :local cacheName [/ip dns cache all get \$i name] ;\r\ \n# :put \$cacheName;\r\ \n\r\ \n :if ([:find \$cacheName \"skype\"] != 0) do={\r\ \n\r\ \n :local tmpAddress [/ip dns cache get \$i address] ;\r\ \n#\t:put \$tmpAddress;\r\ \n\r\ \n# if address list is empty do not check\r\ \n :if ( [/ip firewall address-list find ] = \"\") do={\r\ \n :log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\ \n /ip firewall address-list add address=\$tmpAddress list=skype_dns_ips comment=\$cacheName;\r\ \n } else={\r\ \n :foreach j in=[/ip firewall address-list find ] do={\r\ \n :if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\r\ \n :set bNew \"false\";\r\ \n }\r\ \n }\r\ \n :if ( \$bNew = \"true\" ) do={\r\ \n :log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\ \n /ip firewall address-list add address=\$tmpAddress list=skype_dns_ips comment=\$cacheName;\r\ \n }\r\ \n }\r\ \n }\r\ \n}"
Dead Sayd
I use a small bash script to get this AS informations, see the example:
echo “/ip firewall filter” ; whois -h whois.radb.net — ‘-i origin AS32934’ | grep ‘^route:’ | sort -n | uniq | awk ‘{print “add action=drop chain=forward comment=AS FACEBOOK dst-address=”$2}’
I guess you’ll have other idea above.
Congrat.
LikeLike
Comment by int21int21 — December 12, 2013 @ 1:08 AM
How to male skype work better with mikrotik ?
LikeLike
Comment by yousef mohamed — December 22, 2013 @ 10:06 AM
nice it is working good thanks mr
LikeLike
Comment by mohamed — January 10, 2014 @ 9:49 PM
A O A sir i hope u will be fine i have a problem in my network i have 200+ client but my skype not work properly call drop or ended so plzx i need for help
LikeLike
Comment by saad — January 23, 2014 @ 12:43 PM
yar agr kasi ka masla hal hoo jay too pls mujy zaror baty ga mara bi skype bhot problem karta he
LikeLike
Comment by azhar farooq — November 2, 2015 @ 8:20 PM
skype merge with microsoft, so many ip must be updated
Thank
LikeLike
Comment by Fals — September 19, 2017 @ 10:00 AM