Well, conclusions are going to be short this time ;)

The explained approach to block and drop authentication requests is a viable one to block Skype connections, specially if you are short of UTM appliance.

However, I want to do two important recommendations:

  1. remember that Skype hosts can change, so if you feel that someone is using Skype despite your policies, use a packet sniffer to check hosts list; 
  2. it is possible that some other, legitimate, non-Skype hosts went included into my list. So be aware of false positive and, if some services stop working after you added these policies, carefully watch your firewall's log to immediately find these legitimate hosts. 

I hope that this article will be useful. If you want, you can contact me using the comment system or by writing at This email address is being protected from spambots. You need JavaScript enabled to view it.

Have a nice day!