信息安全 - 在 Skype 上接到“Skype-resolver”的电话。我应该担心吗？ - 吾爱随笔录

在 Skype 上接到“Skype-resolver”的电话。我应该担心吗？

信息安全 ip Skype

2021-09-03 22:31:26

今天早上，我发现我的手机在半夜接到了来自“skype-resolver”的电话。当我去Skype时，找不到电话，大概是因为该帐户已被删除。然而，iOS 保留了通话记录，名称为“Group%20Maker”，用户名“8:guest:abab0b31-f32b-...”。

这很令人惊讶，因为在我使用 Skype 的十年中，我从未被骗子联系过。最远的范围是联系请求。

我有使用 Skype 解析器的经验，多年前就曾尝试过它们。我对自己进行了测试，它会吐回我的 IP。只有它永远不会在这个过程中打电话给你。自从这些显然被修补后，这些网站就永远无法运行，也很少有人再谈论它们了。

这就是为什么我觉得接到这样的电话很奇怪。我在 Skype 目录中搜索了类似的联系人，发现了几十个活跃的“Skype Resolver”帐户，所有帐户的用户名都是“guest:xxxxxxxx-xxx...”。但这就是我所能找到的关于我的来电者的全部信息。这只是一些新的骗局，还是有人真的试图在 2021 年获得我的 IP？

更新：我手机上的通知缓存显示来电者实际上被命名为“ skype-resolver.net ”。该网站只是导致“即将推出”屏幕。whois 查询显示该网站是昨天创建的。

更新 2：大约 18 小时后收到他们的第二个电话，使用不同的用户名。想回答，但出于我的 IP 安全考虑没有回答。想法？

2个回答

要回答这个问题 -是的，你应该担心，我建议在你不需要的所有设备上卸载 Skype。

如果您使用的是 Outlook 的网络应用程序，uBlock Origin 的以下过滤器将完全禁用 Skype 的集成并阻止您的 IP 被解析：

||*.skype.com^$third-party

怎么运行的

使用访客帐户拨打电话
该访客帐户在致电之前已阻止您
您无需接听电话即可让您的 IP 泄露。
我没有看到任何 P2P 连接

我相信它没有出现在通话记录中的原因是因为 Skype 不希望访客帐户给他们阻止的人打电话。

当您接到电话时，Skype 似乎会以某种方式吐出您的 IP。

来自 Skype API 的数据

以下是 Skype 服务中的一些数据，这些数据会在您接到他们的电话时发生：

来电者数据：

[
   {
      "about":null,
      "avatarUrl":null,
      "birthday":null,
      "city":null,
      "country":null,
      "displayname":"skype-resolver.net",
      "emails":[
         
      ],
      "firstname":"skype-resolver.net",
      "gender":"0",
      "homepage":null,
      "jobtitle":null,
      "language":null,
      "lastname":null,
      "mood":null,
      "namespace":"guest",
      "phoneHome":null,
      "phoneMobile":null,
      "phoneOffice":null,
      "province":null,
      "richMood":null,
      "username":"guest:a93b3f62-010a-49ce-817a-b2b1f953aeaa"
   }
]

对话数据：

{
   "targetLink":"https://azeus1-client-s.gateway.messenger.live.com/v1/users/ME/contacts/8:guest:a93b3f62-010a-49ce-817a-b2b1f953aeaa",
   "id":"8:guest:a93b3f62-010a-49ce-817a-b2b1f953aeaa",
   "type":"Conversation",
   "version":1613596332633,
   "properties":{
      "isemptyconversation":"False",
      "conversationblocked":"True"
   },
   "lastMessage":{
      "from":"https://azeus1-client-s.gateway.messenger.live.com/v1/users/ME/contacts/8:guest:a93b3f62-010a-49ce-817a-b2b1f953aeaa",
      "type":"Message",
      "conversationLink":"https://azeus1-client-s.gateway.messenger.live.com/v1/users/ME/conversations/8:guest:a93b3f62-010a-49ce-817a-b2b1f953aeaa"
   },
   "messages":"https://azeus1-client-s.gateway.messenger.live.com/v1/users/ME/conversations/8:guest:a93b3f62-010a-49ce-817a-b2b1f953aeaa/messages",
   "lastUpdatedMessageId":0,
   "lastUpdatedMessageVersion":0
}

Skype 将尝试获取对话消息，但由于对话被阻止，它将返回带有以下 JSON 的“400 Bad Request”错误：

{"errorCode":201,"message":"conversation blocked"}

通话数据：

{
   "participants":{
      "from":{
         "id":"8:guest:a93b3f62-010a-49ce-817a-b2b1f953aeaa",
         "displayName":"skype-resolver.net",
         "endpointId":"removedf-ffff-ffff-ffff-ffffffffffff",
         "languageId":"en-GB",
         "participantId":"8c34d346-59ba-49dc-96f2-295f92b45d31",
         "hidden":false
      },
      "to":{
         "id":"8:[REMOVED]",
         "displayName":null,
         "endpointId":"00000000-0000-0000-0000-000000000000",
         "languageId":null,
         "participantId":"removedf-ffff-ffff-ffff-ffffffffffff",
         "hidden":false
      }
   },
   "callInvitation":{
      "callModalities":[
         "audio"
      ],
      "links":{
         "progress":"https://cc-euwe-08.cc.skype.com:443/cc/v1/incoming/[REMOVED]/24/t/369/progress?i=215",
         "newOffer":"https://cc-euwe-08.cc.skype.com:443/cc/v1/incoming/[REMOVED]/24/t/369/mediaOfferRequest?i=215",
         "mediaAnswer":"https://cc-euwe-08.cc.skype.com:443/cc/v1/incoming/[REMOVED]/24/t/369/mediaAnswer?i=215",
         "acceptance":"https://cc-euwe-08.cc.skype.com:443/cc/v1/incoming/[REMOVED]/24/t/369/accept?i=215",
         "redirection":"https://cc-euwe-08.cc.skype.com:443/cc/v1/incoming/[REMOVED]/24/t/369/redirect?i=215",
         "callController":"http://callcontroller.invalid",
         "callLeg":"https://cc-euwe-08.cc.skype.com:443/cc/v1/incoming/[REMOVED]/24/t/369/reject?i=215",
         "subscribe":"https://broker-euno-07.broker.skype.com/api/v1/subscribe/d19d9eb1-6f54-4980-bdda-4729e82f0a4b/0?i=13",
         "brokerHttpTransport":"http://52.114.77.179/enc"
      },
      "mediaContent":null,
      "replaces":null
   },
   "additionalActionResponses":[
      {
         "url":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]?i=219&e=[REMOVED]",
         "output":{
            "roster":{
               "participants":{
                  "8:guest:a93b3f62-010a-49ce-817a-b2b1f953aeaa":{
                     "details":{
                        "id":"8:guest:a93b3f62-010a-49ce-817a-b2b1f953aeaa",
                        "displayName":"skype-resolver.net",
                        "endpointId":"00000000-0000-0000-0000-000000000000",
                        "participantId":null,
                        "languageId":null,
                        "hidden":false
                     },
                     "endpoints":{
                        "removedf-ffff-ffff-ffff-ffffffffffff":{
                           "call":{
                              "serverMuteVersion":0
                           },
                           "capabilities":{
                              "cloudAudioVideoConference":"enabled",
                              "cloudScreenSharing":"disabled",
                              "hostlessConference":"disabled",
                              "cloudMerge":"disabled",
                              "additionalModalityOperationLinks":"disabled",
                              "implicitCallback":"disabled",
                              "autoJoinOnConflict":"disabled",
                              "supportsCompressedServicePayload":"disabled",
                              "serverMuteUnmute":"disabled",
                              "supportNgcMediaControl":"disabled"
                           },
                           "participantId":"removedf-ffff-ffff-ffff-ffffffffffff"
                        }
                     },
                     "role":"guest"
                  }
               },
               "type":"MultiPartyEndpoint",
               "sequenceNumber":0,
               "participantCounts":{
                  "totalParticipants":1,
                  "preheatedParticipants":0,
                  "lobbyParticipants":0,
                  "totalPresenters":0,
                  "requestingAttentionPresenters":0,
                  "totalAttendees":0,
                  "requestingAttentionAttendees":0,
                  "overflowAttendeeCount":0
               }
            },
            "conversationController":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]?i=219&e=[REMOVED]",
            "sequenceNumber":1,
            "subject":"",
            "activeModalities":{
               "call":null
            },
            "state":{
               "isMultiParty":false,
               "groupCallInitiator":null,
               "isBroadcast":false,
               "isVoiceDataCollectionOn":false
            },
            "links":{
               "leave":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/leave?i=219&e=[REMOVED]",
               "addParticipant":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/addParticipant?i=219&e=[REMOVED]",
               "removeParticipant":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/removeParticipant?i=219&e=[REMOVED]",
               "addModality":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/addModality?i=219&e=[REMOVED]",
               "addParticipantAndModality":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/add?i=219&e=[REMOVED]",
               "removeModality":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/removeModality?i=219&e=[REMOVED]",
               "mute":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/mute?i=219&e=[REMOVED]",
               "unmute":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/unmute?i=219&e=[REMOVED]",
               "notificationLinks":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/notificationLinks?i=219&e=[REMOVED]",
               "merge":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/merge?i=219&e=[REMOVED]",
               "updateEndpointMetadata":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/updateEndpointMetadata?i=219&e=[REMOVED]",
               "updateEndpointState":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/updateEndpointState?i=219&e=[REMOVED]",
               "admit":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/admit?i=219&e=[REMOVED]",
               "conversationHttpTransport":"http://52.114.74.144/enc",
               "publishState":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/publishState?i=219&e=[REMOVED]",
               "removeState":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/removeState?i=219&e=[REMOVED]",
               "updateMeetingSettings":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/updateMeetingSettings?i=219&e=[REMOVED]",
               "searchParticipants":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/searchParticipants?i=219&e=[REMOVED]",
               "getAllParticipants":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/getAllParticipants?i=219&e=[REMOVED]",
               "admitAll":"https://conv-euwe-10.conv.skype.com:443/conv/[REMOVED - CONVERSATION ID]/admitAll?i=219&e=[REMOVED]"
            },
            "capabilities":{
               "cloudAudioVideoConference":"enabled",
               "cloudScreenSharing":"disabled",
               "hostlessConference":"disabled",
               "cloudMerge":"disabled",
               "additionalModalityOperationLinks":"disabled",
               "implicitCallback":"disabled",
               "autoJoinOnConflict":"disabled",
               "supportsCompressedServicePayload":"disabled",
               "serverMuteUnmute":"disabled",
               "supportNgcMediaControl":"disabled"
            },
            "subscriptionDetails":{
               "selfParticipant":{
                  "version":0,
                  "state":"active",
                  "details":{
                     "id":"8:[REMOVED]",
                     "displayName":"[REMOVED]",
                     "endpointId":"00000000-0000-0000-0000-000000000000",
                     "participantId":null,
                     "languageId":null,
                     "hidden":false
                  },
                  "endpoints":null,
                  "role":"admin"
               }
            }
         }
      }
   ],
   "debugContent":{
      "callId":"removedf-ffff-ffff-ffff-ffffffffffff",
      "participantId":"removedf-ffff-ffff-ffff-ffffffffffff"
   }
}

Outlook 的 Web 应用程序似乎也拒绝了呼叫，即使它似乎没有通过以下请求拒绝它：

{callEnd: {code: 410, subCode: 3111, phrase: "CallEndReasonMediaOfferProcessingError"}}

2021 年现在有一个可用的 Skype 解析器。它是 skype-resolver.net，如果您尝试查找自己，它会打电话给您。旧的安全漏洞尚未完全修补，或者发现了新的安全漏洞。目前尚不清楚该站点是自动呼叫您，还是仅在有人试图查找您时才呼叫您。是否接听都没关系——如果你尝试，通话将立即结束。

似乎有一个简单的解决方法。在您每台活动的 Skype 设备上，转到您的设置，然后启用选项“仅允许来自联系人的 Skype 呼叫在此设备上响铃”。虽然您仍然会看到来自访客用户名的未接来电通知，但站点本身将输出“无法解析用户”，并且不会列出当前 IP。话虽如此，您过去拥有的 IP 可能仍然可见。

其它你可能感兴趣的问题

上一篇TLS 重放攻击 - serverHello nonce 的要求下一篇当性能不是问题时，可以改进哪些 gpg 默认值？