Re: [fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)

• Previous message: Bennett Todd: "[fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)"
• Maybe in reply to: Bennett Todd: "[fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)"
• Next in thread: ArkanoiD: "Re: [fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)"
• Reply: ArkanoiD: "Re: [fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: ArkanoiD <ark@eltex.net>
Date: Thu, 29 Jul 2004 01:48:15 +0000

2004-07-29T00:07:22 ArkanoiD:
> Unless kerberized (i've yet to see a firewall that integrates with
> kerberos properly - or should i do it myself) socks authentication
> is ridiculously weak (reusable password) :-(.

A lot of shops use reuseable passwords extensively on their internal
networks.

> No implementation is even ssl-enabled..

I've not looked into it in detail, but one shop I worked at had
what they called a "vpn" for remote access (I disputed the name:-)
that was simply socks over SSL.

> Speaking of SSL, there is standard CONNECT method (which is no better,
> just the proxy is more simple than socks)

I can't agree with that, sock is extraordinarily simple, I've yet to
see an HTTP proxy that was as simple. If nothing else HTTP is more
complex to parse.

But I wasn't really thinking about https when I mentioned sock as
handy for adding slightly more control to SSL than port forwarding,
more thinking about other arbitrary apps that encapsulate over ssl,
not an uncommon strategy for various b2b one-offs.

And, speaking of the standard CONNECT method used by http
browsers and proxies to bore https through firewalls, at least
one socks client implementation (Dante's) can route over it.
Of late my favourite socks client is the gloriously simple
connect by Shun-ichi GOTO <gotoh@taiyo.co.jp>, available from
<URL:http://www.imasy.or.jp/~gotoh/ssh/connect.c>. I first learned
about it by searching for how to socksify openssh. Oh, and it can
route over http proxies via CONNECT as well:-).

-Bennett

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• application/pgp-signature attachment: stored

• Previous message: Bennett Todd: "[fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)"
• Maybe in reply to: Bennett Todd: "[fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)"
• Next in thread: ArkanoiD: "Re: [fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)"
• Reply: ArkanoiD: "Re: [fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: JAVA Probleme Port 8002 ... HTTP Proxy Server herstellen, da der Server keine Kommunikation über HTTP ... Das Chatapplet funktioniert gut durch Firewalls mit SOCKS oder NAT. ... (microsoft.public.de.german.isaserver) Re: JAVA Probleme Port 8002 ... HTTP Proxy Server herstellen, da der Server keine Kommunikation über HTTP ... Das Chatapplet funktioniert gut durch Firewalls mit SOCKS oder NAT. ... Du kannst in den GPOs einige Einstellungen fuer den IE welche Java relevant sind, ... (microsoft.public.de.german.isaserver) Re: How to open a socket through a proxy server? ... > What sort of proxy server? ... HTTP and SOCKS proxy servers. ... but it fails by timeout. ... (comp.lang.perl.misc) Re: How to open a socket through a proxy server? ... >> What sort of proxy server? ... > I have both proxies, HTTP and SOCKS proxy servers. ... (comp.lang.perl.misc) Re: Access Internet from Office Network ... that advanced tab I have the same proxy server name on HTTP and Socks ... (microsoft.public.pocketpc)