Re: [fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)

From: Bennett Todd (bet_at_rahul.net)
Date: 07/29/04

    To: ArkanoiD <ark@eltex.net>
    Date: Thu, 29 Jul 2004 01:48:15 +0000
    
    
    

    2004-07-29T00:07:22 ArkanoiD:
    > Unless kerberized (i've yet to see a firewall that integrates with
    > kerberos properly - or should i do it myself) socks authentication
    > is ridiculously weak (reusable password) :-(.

    A lot of shops use reusable passwords extensively on their internal
    networks.

    > No implementation is even ssl-enabled..

    I've not looked into it in detail, but one shop I worked at had
    what they called a "vpn" for remote access (I disputed the name:-)
    that was simply socks over SSL.

    > Speaking of SSL, there is standard CONNECT method (which is no better,
    > just the proxy is more simple than socks)

    I can't agree with that, socks is extraordinarily simple, I've yet to
    see an HTTP proxy that was as simple. If nothing else HTTP is more
    complex to parse.

    But I wasn't really thinking about https when I mentioned socks as
    handy for adding slightly more control to SSL than port forwarding,
    more thinking about other arbitrary apps that encapsulate over ssl,
    not an uncommon strategy for various b2b one-offs.

    And, speaking of the standard CONNECT method used by http
    browsers and proxies to bore https through firewalls, at least
    one socks client implementation (Dante's) can route over it.
    Of late my favourite socks client is the gloriously simple
    connect by Shun-ichi GOTO <gotoh@taiyo.co.jp>, available from
    <URL:http://www.imasy.or.jp/~gotoh/ssh/connect.c>. I first learned
    about it by searching for how to socksify openssh. Oh, and it can
    route over http proxies via CONNECT as well:-).

    -Bennett

    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


