SOCKS PROTOCOL


Team: Unison
Richard Bhuleskar
Atul Patil
Vinit Mahedia
Virendra Kucherriya
Vasanthnag Vasili
WHAT IS SOCKS

Abbreviation for “SOCKetS”.

Allows client-server applications to transparently
use the services which are behind network
firewall.

General Proxy for TCP/IP based applications.

WHY SOCKS?

• Need generic framework to transparently and securely traverse firewall.
• Need strong authentication for traversal.
• Conveniently and securely use firewall services.

SOCKS and OSI

[Figure: Application, Transport and Physical layers shown for Client, Firewall (SOCKS Proxy) and Server]

SOCKS Connection

[Figure: SOCKS request, SOCKS server, firewall, corporate network, Internet, web server (Amazon.com)]

Packet changes

Original packet:
  Destination address: amazon.com
  Destination port: 80 (HTTP)
  Data: "GET /page.html"

Packet sent to the SOCKS server:
  Destination address: socks_server.com
  Destination port: TCP 1080 (SOCKS)
  Data: Destination address = amazon.com,
        Destination port = TCP 80 (HTTP),
        Data = "GET /page.html"

SOCKS Flexibility

[Figure: SOCKS (HTTP) and SOCKS (FTP) connections passing through the SOCKS server at the firewall to an HTTP server and an FTP server on the Internet]

SOCKS in your system

SOCKS: Client Server Rendezvous

Client sends the message to server:

  Field:          VER   NMETHODS   METHOD
  Size (octets):  1     1          1 to 255

Server says:

  Field:          VER   METHOD
  Size (octets):  1     1

SOCKS: Request Structure

  Field:          VER   CMD   RSV     ATYP   DST.ADDR   DST.PORT
  Size (octets):  1     1     X'00'   1      Variable   2

Where,
VER : protocol version : X'05'
CMD :
  CONNECT       : X'01'
  BIND          : X'02'
  UDP ASSOCIATE : X'03'
RSV : RESERVED
ATYP : address type of following address
  IP V4 address : X'01'
  DOMAINNAME    : X'03'
  IP V6 address : X'04'
DST.ADDR : desired destination address
DST.PORT : desired destination port in network octet order

SOCKS: Reply Structure

  Field:          VER   REP   RSV     ATYP   BIND.ADDR   BIND.PORT
  Size (octets):  1     1     X'00'   1      Variable    2

Where,
VER : protocol version : X'05'
REP :
  X'00' succeeded
  X'01' general SOCKS server failure
  X'02' connection not allowed by ruleset
  X'03' Network unreachable
  X'04' Host unreachable
  X'05' Connection refused
  X'06' TTL expired
  X'07' Command not supported
  X'08' Address type not supported
  X'09' to X'FF' unassigned
BIND.ADDR : Server Bound Address
BIND.PORT : Server Bound port in network octet order
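
The request and reply layouts above, as an added example (not part of the original slides): a strict server-side parser that maps each malformed field to the REP code from the reply table. The function names are hypothetical, the address lengths (4 octets for IP V4, 16 for IP V6, one length octet before a DOMAINNAME) follow RFC 1928, and the buffer is assumed to hold exactly one request.

```python
import ipaddress
import struct

VER = 0x05
CMDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}
REP_FAIL, REP_BAD_CMD, REP_BAD_ATYP = 0x01, 0x07, 0x08
# Constructed sample: CONNECT to amazon.com port 80, as on the "Packet changes" slide.
SAMPLE = b"\x05\x01\x00\x03" + bytes([10]) + b"amazon.com" + b"\x00\x50"

class SocksError(ValueError):
    """Malformed request; .rep is the REP code the server should answer with."""
    def __init__(self, rep, msg):
        super().__init__(msg)
        self.rep = rep

def parse_request(buf: bytes):
    """Return (cmd_name, host, port) for one complete SOCKS5 request."""
    if len(buf) < 4:
        raise SocksError(REP_FAIL, "truncated header")
    ver, cmd, rsv, atyp = buf[:4]
    if ver != VER or rsv != 0x00:
        raise SocksError(REP_FAIL, "bad VER or RSV")
    if cmd not in CMDS:
        raise SocksError(REP_BAD_CMD, "unknown CMD")
    body = buf[4:]
    if atyp == 0x01:                      # IP V4 address: 4 octets
        alen, decode = 4, lambda a: str(ipaddress.IPv4Address(a))
    elif atyp == 0x04:                    # IP V6 address: 16 octets
        alen, decode = 16, lambda a: str(ipaddress.IPv6Address(a))
    elif atyp == 0x03:                    # DOMAINNAME: length octet, then name
        if not body or body[0] == 0:
            raise SocksError(REP_FAIL, "empty domain name")
        alen, body = body[0], body[1:]
        decode = lambda a: a.decode("ascii")
    else:
        raise SocksError(REP_BAD_ATYP, "unknown ATYP")
    if len(body) != alen + 2:             # address plus 2-octet port, nothing more
        raise SocksError(REP_FAIL, "length mismatch")
    try:
        host = decode(body[:alen])
    except UnicodeDecodeError:
        raise SocksError(REP_FAIL, "non-ASCII domain name") from None
    (port,) = struct.unpack("!H", body[alen:])   # network octet order
    return CMDS[cmd], host, port

def build_reply(rep: int, bind_addr="0.0.0.0", bind_port=0) -> bytes:
    """Encode VER, REP, RSV, ATYP (IP V4), BIND.ADDR, BIND.PORT."""
    head = bytes([VER, rep, 0x00, 0x01])
    return head + ipaddress.IPv4Address(bind_addr).packed + struct.pack("!H", bind_port)
```

On a `SocksError`, a server would send `build_reply(err.rep)` and close the connection rather than attempt the outbound connection.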

Features

• Transparent network access across multiple servers.
• Hides internal network addresses. Only the SOCKS server has an IP address.
• Simple network security policy management.
• Rapid deployment of new network applications.

Security Considerations

• Designed for application-layer protocols to traverse firewalls.
• Authentication and encapsulation are negotiated between SOCKS server and client.
• Authentication mechanisms supported by the server are configurable.

Benefits

• Adds value to a security-oriented product.
• Only allows configured users to communicate transparently across the firewall.
• Authenticates the user and establishes the communication channel.
• Usable with TCP and UDP. Supports ICMP redirection.
• Handles all applications (HTTP, Telnet, FTP, ...).

Drawbacks

• Non-transparent proxy: client software needs to be modified.
    connect() → Rconnect()
    listen()  → Rlisten()
• Non-caching proxy: does not cache or log the URLs that are accessed.

Conclusion

• SOCKS enhances firewall usability.
• In addition to rule-based access, provides user-based authentication for external network access.
• Useful for corporate networks.
