Microsoft has drastically overhauled the network running its Skype voice-over-IP service, replacing peer-to-peer client machines with thousands of Linux boxes that have been hardened against the most common types of hack attacks, a security researcher said.

The change, which Immunity Security's Kostya Kortchinsky said occurred about two months ago, represents a major departure from the design that has powered Skype for the past decade. Since its introduction in 2003, the network has consisted of "supernodes" made up of regular users who had sufficient bandwidth, processing power, and other system requirements to qualify. These supernodes then transferred data with other supernodes in a peer-to-peer fashion. At any given time, there were typically a little more than 48,000 clients that operated this way.

Kortchinsky's analysis, which has not yet been confirmed by Microsoft, shows that Skype is now being powered by a little more than 10,000 supernodes that are all hosted by the company. It's currently not possible for regular users to be promoted to supernode status. What's more, the boxes are running a version of Linux using grsecurity, a collection of patches and configurations designed to make servers more resistant to attacks. In addition to hardening them to hacks, the Microsoft-hosted boxes are able to accommodate significantly more users. Supernodes under the old system typically handled about 800 end users, Kortchinsky said, whereas the newer ones host about 4,100 users and have a theoretical limit of as many as 100,000 users.

"It's pretty good for security reasons because then you don't rely on random people running random stuff on their machine," Kortchinsky told Ars. "You just have something that's centralized and secure."

Kortchinsky discovered the Linux supernodes using a Skype probing technique he and colleague Fabrice Desclaux first demonstrated in 2006. (PDF versions of conference presentation slides are here and here.)

Kortchinsky's discovery comes as Microsoft said it's investigating recent demonstrations of an exploit that exposes the local and remote IP addresses of users who are logged in to the service. The attack reportedly relies on the open-source SkypeKit package.

A farewell to decentralized P2P

The banishment of user-supplied supernodes comes as the number of people simultaneously signed into Skype has mushroomed over the past year. According to Skype Journal's Phil Wolff, that number hit 41 million at the end of last year month, a 37-percent jump from the average number of concurrent users when Microsoft acquired Skype last May. Within weeks of the announcement of the $8.5 billion deal, a software crash left many users unable to use the service.

The changes raise a variety of questions about the suitability of peer-to-peer technology to run services that small and large businesses increasingly rely on to route sensitive calls and messages. Microsoft representatives weren't immediately available to comment on the changes observed by Kortchinsky, which were documented in a blog post published on Tuesday.

"It will definitely bring more stability and security and it may also bring more clients," Kortchinsky said of the changes.

Microsoft has not yet responded to our request for comment on this story.

Update

A Microsoft spokeswoman just released the following statement, which she attributed to Mark Gillett, CVP, Skype Product Engineering & Operations: