I'm sure it would be possible to utilize Skype, especially with this new encrypted UDP traffic, as a covert channel. You could either use a skype specific exploit, which would be in high demand. I bet people are running fuzzers right now against this new code for buffer overflows. Or you could use some email or IM trickery to get the user to initiate a skype connection to you. Either way the network security admin either won't see it because its encypted or just ignore it as regular skype traffic.

From what I understand because the Skype client in already behind the firewall it has an established connection already and this is why it can work thought firewalls and NAT. Just like your messengers or any other client side connection software. Skype is not tricking your firewall it is just keeping a path open. Now it could be jumping around on random outbound ports to lessen the chance of Man-in-the-middle-attacks being able to collect passwords or record the calls. A lot of different software dose established connections to have a path from a privet network to there servers. This is the idea behind a lot of Trojan horses because with a firewall set to "default deny" or "explicit deny" it will only allow established connections to pass. The biggest issue with all the different client messageing/voip software is that there can be all kinds of Trojan like activity and you might not know till it's too late. I would say just keep you eye out and make sure to only use software you trust.

Slimjim100

(sorry if I got to far off topic)

This application is tricky.  It uses any available TCP port it can use.  If one is blocked, it keeps going until one is open.  Thi causes headaches for security admins.  We use SMS to monitor if Skype (application) is installed on a pc and use web filtering blocking all of the sites that you can install Skype from.

Nice Article don!

            I can say that Sonicwall Firewalls (which I do not like too much) do block this kind of UDP hole punching. I have seen with Skype and Hamachi you have to have a relay to get a connection when traversing though a Sonicwall firewall. I am also sure the Netscreen firewalls block UDP scanning by default too but both of the firewalls I just mentioned are not your basic NAT firewall but slightly more advanced firewalls will a few extra bells and whistles. Anyway it was a very good article and it inspired me to break out my ethereal /wireshark and do some sniffing. It's amazing the load of crap traffic all the little IM/P2P/VoIP clients throw around your network!

Slimjim100