There is a popular belief that Skype client is very hard to block on the network layer, due to it’s Peer-To-Peer behavior and usage of HTTP/S ports.
However at present time (December, 2012) Skype client connections can be blocked pretty simply by a few firewall rules. After startup, Skype client receives a number of it’s master (login?) servers – dsnX.d.skype.net. Currently there are 16 DNS entries from dsn0.d.skype.net to dsn16.dsn.skype.net.
Using simple bash script (uses Linux DNS utility – dig) we can get most of these server’s IP addresses:
Just block all access to following networks and Skype client won’t be able to authenticate and connect.
220.127.116.11/24 18.104.22.168/24 22.214.171.124/24 126.96.36.199/24 188.8.131.52/24 184.108.40.206/24 220.127.116.11/24 18.104.22.168/24 22.214.171.124/24
For Linux router, with IPtables firewall, you may use following command: