Firewall Wizards mailing list archives
Re: socks (was Re: FEP - Firewall enhancement protocol)
From: Bennett Todd <bet () rahul net>
Date: Thu, 29 Jul 2004 01:48:15 +0000
2004-07-29T00:07:22 ArkanoiD:
> Unless kerberized (I've yet to see a firewall that integrates with kerberos properly - or should I do it myself) socks authentication is ridiculously weak (reusable password) :-(.

A lot of shops use reusable passwords extensively on their internal networks.

> No implementation is even ssl-enabled..

I've not looked into it in detail, but one shop I worked at had what they called a "vpn" for remote access (I disputed the name:-) that was simply socks over SSL.

> Speaking of SSL, there is the standard CONNECT method (which is no better, just the proxy is more simple than socks)

I can't agree with that, socks is extraordinarily simple, I've yet to see an HTTP proxy that was as simple. If nothing else, HTTP is more complex to parse. But I wasn't really thinking about https when I mentioned socks as handy for adding slightly more control to SSL than port forwarding, more thinking about other arbitrary apps that encapsulate over ssl, not an uncommon strategy for various b2b one-offs.

And, speaking of the standard CONNECT method used by http browsers and proxies to bore https through firewalls, at least one socks client implementation (Dante's) can route over it.

Of late my favourite socks client is the gloriously simple connect by Shun-ichi GOTO <gotoh () taiyo co jp>, available from <URL:http://www.imasy.or.jp/~gotoh/ssh/connect.c>. I first learned about it by searching for how to socksify openssh. Oh, and it can route over http proxies via CONNECT as well:-).

-Bennett
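
Added example, not part of the original message or of any software it mentions: the two tunnel requests compared above, parsed the way a proxy must before it decides whether to relay. It assumes SOCKS version 5 (RFC 1928 layout); the sample requests and the host `b2b.example.com` are constructed.

```python
import ipaddress
import struct

def parse_socks5_connect(buf: bytes):
    """Proxy side: parse an RFC 1928 SOCKS5 CONNECT request into (host, port)."""
    if len(buf) < 7 or buf[0] != 5 or buf[1] != 1 or buf[2] != 0:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = buf[3]
    if atyp == 1:            # IPv4: 4 address bytes
        start, end = 4, 8
    elif atyp == 3:          # domain name: one length byte, then the name
        start, end = 5, 5 + buf[4]
    elif atyp == 4:          # IPv6: 16 address bytes
        start, end = 4, 20
    else:
        raise ValueError("unknown address type")
    if len(buf) != end + 2:  # address is followed by exactly two port bytes
        raise ValueError("bad request length")
    addr = buf[start:end]
    host = addr.decode("ascii") if atyp == 3 else str(ipaddress.ip_address(addr))
    (port,) = struct.unpack("!H", buf[end:])
    return host, port

def parse_http_connect(buf: bytes):
    """Proxy side: parse an HTTP CONNECT request head into (host, port)."""
    head, sep, _ = buf.partition(b"\r\n\r\n")
    if not sep:              # variable-length text: must find the terminator
        raise ValueError("incomplete header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        raise ValueError("not a CONNECT request line")
    for line in lines[1:]:   # headers still have to be tokenised and checked
        name, colon, _ = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header")
    host, colon, port = parts[1].rpartition(":")
    if not colon or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad authority")
    return host.strip("[]"), int(port)

# Constructed sample requests for the same destination.
NAME = b"b2b.example.com"
SOCKS_REQ = b"\x05\x01\x00\x03" + bytes([len(NAME)]) + NAME + struct.pack("!H", 443)
HTTP_REQ = (b"CONNECT b2b.example.com:443 HTTP/1.1\r\n"
            b"Host: b2b.example.com:443\r\n"
            b"User-Agent: constructed-sample\r\n\r\n")
```

Both parsers return the same destination for these samples; the SOCKS side is a handful of fixed-offset reads, while the HTTP side has to locate a terminator and validate free-form text first.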