Microsoft has rolled out a new version of the desktop Skype client that should make users of its service a bit more secure against denial-of-service attacks. The Skype client has long leaked IP address information, allowing other users on the network to determine which IP address an account is using. A number of online services, of varying degrees of shadiness, offer direct IP address lookups, and these have, at least in the past, worked effectively.
In particular, this leak has been widely exploited in gaming communities. Many professional Dota 2 games were disrupted by denial-of-service attacks last year. Players were forcibly disconnected from the game, leaving their team trailing 4-on-5. Skype, which is often used for coordinating games and communicating within teams, was routinely blamed because it leaks players’ IP address information, enabling these attacks.
The information leak is likely a vestige of Skype’s peer-to-peer nature; each user’s IP address had to be distributed to allow direct peer-to-peer connections to those users. But for some time now, the client has had an option to hide your IP address from people who are not on your contact list. In this mode, all traffic between non-contacts goes through Microsoft’s servers and IP addresses are not easily disclosed. Using this option protects your address from the various IP address lookup services and thus protects against denial-of-service attacks.
That option is now enabled by default, making accidental information leakage much less likely. With this option, people on your contact list can basically still find out your IP address. But if they’re the ones knocking you off the internet with denial-of-service attacks, it’s probably time to be more sensible about who you call a friend.