Well, not quite. SOCKS is a generic proxy, not a tunnel. As with any
security mechanism, you need to configure it correctly. So, Jimi is
correct that you don't want to leave it wide open to the outside.
Just like router packet filtering, IP MASQ, ipchains, etc., if you
leave it wide open or set the rules the wrong direction, you leave
your internal machines at risk. So, do not make it default to
permitting everyone/everywhere, and depending on the vendor's
implementation, it should be a simple task to make it only listen for
connections on its inside network interface. And of course, don't run
other services or put regular user accounts on a machine that's part
of your security implementation.

SOCKS v4 was the original, non-standard version that allowed TCP proxy
only and ident authentication. SOCKS v5 is the standardized
protocol (RFC 1928) that proxies both TCP and UDP and allows strong
authentication. You can get technical information about SOCKS and the
answer to what SOCKS stands for in the FAQ at:
http://www.socks.nec.com/

How is it related to firewalls? On a machine with two network
interfaces, some people run it as a firewall -- nothing listening to
connections from the outside and using access control and optionally
authenticating to allow inside to proxy outside. It can be, and often
is, used in combination with a packet filtering or other firewall to
add authentication or access control policies at the user and
application level. Also, since SOCKS is not a uni-directional proxy
and it can be chained, you can also allow controlled / authenticated
access in or out, allowing for a VPN-type setup.

Well, sorry for the long-winded chatter for a short question.
--- Cornell

Jimi Aleshin wrote:
>SOCKS (Port 1080) is a firewall tunneling service. It allows many machines
>behind a firewall to access the Internet without actually being on the
>Internet themselves.
>In theory, SOCKS should only be visible from the internal side of the
>server, but not from the Internet. Hackers will frequently probe to see if
>SOCKS is visible from the other side. If that is the case, they can attack
>your internal network, or almost as bad, launch attacks on other Internet
>sites from your machine.
> /Jimi Aleshin
> Mail: [EMAIL PROTECTED]
> ICQ: 26180172
>----- Original Message -----
>From: Sandeep Shetty
> I don't know what SOCKS stands for. How is it related to firewalls? What
>are Socks4 and Socks5?
>With lots of luv,
> Sandeep Shetty
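
An added example, not part of the original thread: a Python sketch of the first client message in SOCKS v4 and v5, with a default-deny decision of the kind discussed above. The subnet `192.168.10.0/24`, the policy of requiring an authenticating v5 method, and the function names are assumptions made for illustration.

```python
import ipaddress
import struct

# SOCKS5 method codes from RFC 1928.
METHODS = {0x00: "no-auth", 0x01: "gssapi", 0x02: "username/password"}
# Assumed site policy (not from the thread): inside subnet and accepted methods.
INSIDE_NET = ipaddress.ip_network("192.168.10.0/24")
ALLOWED_METHODS = {0x01, 0x02}

def parse_first_message(data: bytes) -> dict:
    """Decode the first client message of a SOCKS v4 or v5 session."""
    if len(data) < 2:
        raise ValueError("short message")
    if data[0] == 4:
        # v4 request: VN, CD, DSTPORT(2), DSTIP(4), USERID..., NUL
        if len(data) < 9 or 0 not in data[8:]:
            raise ValueError("truncated SOCKS4 request")
        cmd, port = struct.unpack("!BH", data[1:4])
        dst = str(ipaddress.ip_address(data[4:8]))
        userid = data[8:data.index(0, 8)].decode("ascii", "replace")
        return {"version": 4, "command": cmd, "dst": (dst, port), "userid": userid}
    if data[0] == 5:
        # v5 greeting: VER, NMETHODS, METHODS(NMETHODS)
        count = data[1]
        if count == 0 or len(data) < 2 + count:
            raise ValueError("truncated SOCKS5 greeting")
        return {"version": 5, "methods": list(data[2:2 + count])}
    raise ValueError("not SOCKS v4/v5")

def decide(client_ip: str, data: bytes) -> str:
    """Default deny: only inside clients offering an accepted v5 method pass."""
    if ipaddress.ip_address(client_ip) not in INSIDE_NET:
        return "deny: client not on inside network"
    try:
        msg = parse_first_message(data)
    except ValueError as exc:
        return f"deny: {exc}"
    if msg["version"] == 4:
        return "deny: policy requires SOCKS5 authentication"
    offered = [m for m in msg["methods"] if m in ALLOWED_METHODS]
    if not offered:
        return "deny: no acceptable method"
    return "allow: negotiate " + METHODS[offered[0]]

# Constructed sample messages.
V4_CONNECT = b"\x04\x01\x00\x50" + bytes([192, 0, 2, 10]) + b"alice\x00"
V5_BOTH = b"\x05\x02\x00\x02"
V5_NOAUTH = b"\x05\x01\x00"
```

The source-address test here only complements binding the listener to the inside interface; it does not replace it.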