Is Skype going crazy with UDP outs valid or a sign of a virus?


After a long time ‘established’ anti-virus and firewall failed miserably and allowed trojans to get through (never did find them even after repeated updates and scans), I went looking and found that both Avast and Comodo have high ratings. Not sure how effective Comodo’s firewall will be (time will tell I guess) but I sure like how Comodo provides a user access and control as well as being able to see what’s going on. Comodo sure has a lot more proactive functions than the long time “standard”…

  1. Does anyone know if/when Comodo will change their task bar icon to where it will easily display when a person has the firewall blocking all traffic? (And does that function indeed block all activity?)

At any rate, when dumping the other and installing Avast and Comodo, when starting up Skype, there was a boat load of UDP outs to all sorts of IP addresses that Comodo flagged as suspect and asking if I wanted to allow or block them (as well as a fair number of TCP outs). In searching the net regarding Comodo users having all these UDP outs occurring with Skype, some of the blogs/posts say something about blocking all UDP outs (not that computer savvy to know if their ‘advice’ was accurate or not).

  1. Does anyone know specifically why Skype would have all those UDP outs, and are they valid or should they be blocked as Comodo throws each one up as being suspect, and if they are not valid and ‘safe’ to allow, what the heck is going on?

In searching about this issue, I also ran across some white hat/black hat discussions (and one providing how-to instructions) that another person’s Skype account is able to be hacked/compromised to monitor who you call, IMs sent etc. After reading that, and having had other web accounts violated in the past, I’m still very skittish about all those UDP outs…

  1. Most all of the UDP outs I blocked and selected ‘remember’ (may have missed a few as there was probably over 100). IF I was in error about blocking them, how does one easily reverse the blocking?

  2. If I was not fast enough to respond to a warning pop up box asking to allow or block an action and the box goes away, does Comodo by default allow, or block such an action?

  3. If an action or UDP out was allowed (and marked to be remembered), how does a person go in and easily find those that were allowed, and remove the allow setting?

I’m not yet running Comodo in the Paranoid mode, but I think I have most everything set to the strongest scrutiny levels and Comodo actually sandboxed things like Thunderbird and some of those ominous warning Comodo boxes popped up saying that something may be trying to use Thunderbird yada yada, and asking to either allow or block the action etc. when I first started up Thunderbird after installing Comodo. I blocked most all, but some (can’t recall what they were) I had to allow in order for Thunderbird to operate at all.

One of the other forums helped to go through the computer and run a series of tests and scans and get things cleaned up (but most all of the Trojans etc were found when I had installed and ran Avast the first time) and things seem to be running ok, but the boat load of UDP Outs that Comodo flags when starting up Skype has me a bit concerned. If anyone knows for sure what’s going on regarding all those UDP Outs (and even a fair amount of TCP outs) to all kinds of different IP addresses, it would I think be helpful to me and others that are running into these issues to know what’s going on, and if it’s an issue that needs to be dealt with.


if you loaded skype from a trusted page, read my explanation, as it shouldn't be virus activity then.

some free things ask you to give something else.
you give some of your bandwidth to the skype network, and you get the ability to make free chats and some free voice features in return.
skype is a messenger that works on a p2p basis (traffic might be led over your client, like sometimes your skype traffic is led over others' clients too (somehow encrypted)). those are the connections which you see.
a piece of advice to be careful: the longer you let skype run in a row, the more likely it may be that the skype network uses your client as a supernode. for example, when your pc runs skype usually for a week without interruption, your client might be one of the nodes that have to deal with more offline messages or indirect transfers for others.

as long as you disable skype from time to time, the give and get is a fair thing. avoid being “reliable enough to become a supernode” (i don't let it run longer than half a day in a row).
disable “use ports 80 and 445 as alternatives”. you can learn about it when you read university rules for using skype in a university network. and it's interesting how skype is able to “bypass” firewalls while it is a p2p network. part of that ability is made by these nodes. to put it simply: the firewall thinks that the new message from your friend is a response to an outgoing request of your client, even though your client didn't write first or even know the actual ip of your friend at that moment.

in general about rules: apart from usual p2p and running a real server, you just need kinds of OUTgoing rules in a modern firewall to let things work. (skype works with just OUTgoing rules, as i described, though it's p2p).
use the stealth port wizard setting 3 in comodo, then all unrequested ingoing traffic from the internet is blocked without question (this is unrelated to skype).

about your questions about features of comodo, and places of rules: make sure that you have seen all windows at least one time. you will understand the program better.
btw, unanswered questions don't lead to an “allow”. that would be totally pointless.

if there are questions left, just ask.
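
The behaviour described in the reply above (an incoming packet is accepted because the firewall matches it to an earlier outgoing request, while unrequested incoming traffic is dropped), as an added example that is not part of the original posts. It is a simplified model of stateful UDP filtering, not Comodo's implementation; the class name, the 30-second timeout and all addresses (documentation ranges) are assumptions.

```python
# Added illustration: a minimal model of stateful UDP filtering.
# Not Comodo's code; addresses are constructed (RFC 5737 documentation ranges).
from dataclasses import dataclass, field

UDP_STATE_TIMEOUT = 30.0  # seconds; assumed value, real products differ


@dataclass
class StatefulFilter:
    """Allows outbound UDP and only those inbound packets that match it."""
    # (local_ip, local_port, remote_ip, remote_port) -> time last seen
    flows: dict = field(default_factory=dict)

    def outbound(self, local, remote, now):
        # An outgoing rule permits the packet and records the flow.
        self.flows[(*local, *remote)] = now
        return "allow"

    def inbound(self, remote, local, now):
        key = (*local, *remote)
        seen = self.flows.get(key)
        if seen is None:
            return "drop: unsolicited"
        if now - seen > UDP_STATE_TIMEOUT:
            del self.flows[key]
            return "drop: state expired"
        self.flows[key] = now  # traffic keeps the flow alive
        return "allow: treated as reply"


def demo():
    fw = StatefulFilter()
    client = ("192.0.2.10", 50000)    # PC running the messenger
    node = ("198.51.100.7", 33033)    # a node the client contacted itself
    friend = ("203.0.113.25", 40000)  # friend's PC, never contacted directly

    results = [fw.outbound(client, node, now=0.0)]
    # Friend's message relayed by the node arrives on the existing flow.
    results.append(fw.inbound(node, client, now=5.0))
    # The same message sent straight from the friend has no matching flow.
    results.append(fw.inbound(friend, client, now=6.0))
    # The node goes quiet and sends again after the timeout.
    results.append(fw.inbound(node, client, now=60.0))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```
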