SOCKS
Richard Bhuleskar, Atul Patil, Vinit Mahedia, Virendra Kucherriya, Vasanthnag Vasili
Team: Unison
What is SOCKS
- Abbreviation for "SOCKetS".
- Allows client-server applications to transparently use the services which are behind a network firewall.
- General proxy for TCP/IP based applications.
Why SOCKS?
- Need a generic framework to transparently and securely traverse a firewall.
- Need strong authentication for traversal.
- Conveniently and securely use firewall services.
SOCKS and OSI
[Diagram: three protocol stacks, Client (Application, Transport, Physical), Firewall / SOCKS Proxy (Transport, Physical) and Server (Application, Transport, Physical); the SOCKS proxy sits at the transport layer between client and server.]
SOCKS Connection
[Diagram: a client on the corporate network sends a SOCKS request through the firewall to the SOCKS server, which opens the connection across the Internet to the web server (Amazon.com).]
Packet changes
Original packet (what the application would send without SOCKS):
  Destination address: amazon.com
  Destination port: 80 (HTTP)
  Data: "GET /page.html"
Packet as sent to the SOCKS server:
  Destination address: socks_server.com
  Destination port: TCP 1080 (SOCKS)
  Data: Destination address = amazon.com, Destination port = TCP 80 (HTTP), Data = "GET /page.html"
SOCKS Flexibility
[Diagram: one SOCKS server behind the firewall carries SOCKS (HTTP) to an HTTP server and SOCKS (FTP) to an FTP server on the Internet.]
SOCKS: Client Server Rendezvous
Client sends the message to server:
Server says:
SOCKS: Request Structure
Fields:
VER : protocol version : X'05'
CMD : CONNECT : X'01', BIND : X'02', UDP ASSOCIATE : X'03'
RSV : RESERVED
ATYP : address type of following address : IP V4 address : X'01', DOMAINNAME : X'03', IP V6 address : X'04'
DST.ADDR : desired destination address
DST.PORT : desired destination port in network octet order
SOCKS: Reply Structure
Fields:
VER : protocol version : X'05'
CMD : X'00' succeeded
      X'01' general SOCKS server failure
      X'02' connection not allowed by ruleset
      X'03' Network unreachable
      X'04' Host unreachable
      X'05' Connection refused
      X'06' TTL expired
      X'07' Command not supported
      X'08' Address type not supported
      X'09' to X'FF' unassigned
BIND.ADDR : Server Bound Address
DST.PORT : Server Bound port in network octet order
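The request and reply layouts above, and the "Packet changes" slide, are easier to check against real bytes. The following is an added example written for this page, not code from the slide deck or from any SOCKS implementation: it encodes and parses SOCKS version 5 requests and replies with all three address types and maps reply codes to the texts listed on the slide (RFC 1928 itself names the reply's status field REP and the bound address BND.ADDR; the slide's labels are kept in the comments). The amazon.com / port 80 / "GET /page.html" values are the slide's own; the 192.0.2.10 address and the ::1 bound address in the self-check are constructed.

```python
import ipaddress

VER = 0x05
CMD = {"CONNECT": 0x01, "BIND": 0x02, "UDP ASSOCIATE": 0x03}
CMD_NAME = {code: name for name, code in CMD.items()}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Reply codes exactly as listed on the reply-structure slide.
REP_TEXT = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "Network unreachable",
    0x04: "Host unreachable",
    0x05: "Connection refused",
    0x06: "TTL expired",
    0x07: "Command not supported",
    0x08: "Address type not supported",
}


def encode_address(host):
    """ATYP byte followed by the address: 4 bytes (IPv4), 16 bytes (IPv6),
    or a one-byte length plus the domain name (DOMAINNAME, X'03')."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("ascii")
        if not 1 <= len(name) <= 255:
            raise ValueError("domain name must be 1..255 bytes")
        return bytes([ATYP_DOMAIN, len(name)]) + name
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([atyp]) + ip.packed


def decode_address(buf, offset):
    """Parse ATYP + address starting at buf[offset]; return (host, offset after it)."""
    atyp = buf[offset]
    if atyp == ATYP_IPV4:
        end = offset + 1 + 4
        host = str(ipaddress.IPv4Address(bytes(buf[offset + 1:end])))
    elif atyp == ATYP_IPV6:
        end = offset + 1 + 16
        host = str(ipaddress.IPv6Address(bytes(buf[offset + 1:end])))
    elif atyp == ATYP_DOMAIN:
        length = buf[offset + 1]
        end = offset + 2 + length
        host = buf[offset + 2:end].decode("ascii")
    else:
        raise ValueError("Address type not supported: 0x%02x" % atyp)
    if end + 2 > len(buf):  # the 2-byte port must follow the address
        raise ValueError("truncated SOCKS message")
    return host, end


def build_request(cmd, host, port):
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT (port in network octet order)."""
    return bytes([VER, CMD[cmd], 0x00]) + encode_address(host) + port.to_bytes(2, "big")


def parse_request(buf):
    """Return (command name, destination host, destination port) or raise ValueError."""
    if len(buf) < 4 or buf[0] != VER or buf[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    if buf[1] not in CMD_NAME:
        raise ValueError("Command not supported: 0x%02x" % buf[1])
    host, end = decode_address(buf, 3)
    return CMD_NAME[buf[1]], host, int.from_bytes(buf[end:end + 2], "big")


def build_reply(rep, bound_host="0.0.0.0", bound_port=0):
    """VER | REP | RSV | ATYP | BIND.ADDR | port, as a server would send it."""
    return bytes([VER, rep, 0x00]) + encode_address(bound_host) + bound_port.to_bytes(2, "big")


def parse_reply(buf):
    """Return (status text, bound host, bound port); codes X'09' to X'FF' are unassigned."""
    if len(buf) < 4 or buf[0] != VER or buf[2] != 0x00:
        raise ValueError("not a SOCKS5 reply")
    host, end = decode_address(buf, 3)
    return REP_TEXT.get(buf[1], "unassigned"), host, int.from_bytes(buf[end:end + 2], "big")


if __name__ == "__main__":
    # The "Packet changes" slide: the application wanted amazon.com:80, so the client
    # sends this CONNECT request to socks_server.com on TCP 1080 and transmits
    # "GET /page.html" only after the reply reports succeeded.
    req = build_request("CONNECT", "amazon.com", 80)
    print(req.hex(), parse_request(req))
    print(parse_reply(build_reply(0x02)))
```

Note that the CONNECT request carries only the destination; the application data is not nested inside it as the slide's simplified picture suggests, but sent on the same TCP connection once the server has replied X'00'.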
Features
- Transparent network access across multiple servers.
- Hides internal network addresses: only the SOCKS server needs an externally visible IP address.
- Simple network security policy management.
- Rapid deployment of new network applications.
Security Considerations
- Designed for application layer protocols to traverse across firewalls.
- Authentication and encapsulation are negotiated between SOCKS server and client.
- Authentication mechanisms supported by the server are configurable.
Benefits
- Adds value to security-oriented products.
- Only allows configured users to communicate transparently across the firewall.
- Authenticates the user and establishes a communication channel.
- Use with TCP/UDP.
- Supports ICMP redirection.
- Handles all applications (HTTP, Telnet, FTP, ...).
Drawbacks
- Non-transparent proxy: client software needs to be modified, replacing socket calls with their SOCKS-aware counterparts:
  connect() -> Rconnect()
  listen()  -> Rlisten()
- Non-caching proxy: does not cache or log the URLs that are accessed.
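What the connect() to Rconnect() substitution actually changes is shown by the added example below, written for this page rather than taken from the deck or any SOCKS library. rconnect() performs the method negotiation and CONNECT request on a socket that is already connected to the SOCKS server, so the application's code after that point is unchanged. To keep the example runnable offline, it pairs the client with a stand-in server thread over socketpair(); that server, its no-authentication-only policy and its one-entry ruleset (a 192.0.2.0/24 documentation address, so nothing is ever contacted) are constructed assumptions, and a refused destination comes back as the slide's "connection not allowed by ruleset".

```python
import socket
import threading

# Constructed ruleset for the stand-in server (assumption, not any real deployment):
# only this destination may be reached through the proxy.
ALLOWED_DESTINATIONS = {("192.0.2.10", 80)}

REP_TEXT = {0x00: "succeeded", 0x02: "connection not allowed by ruleset",
            0x07: "Command not supported", 0x08: "Address type not supported"}


class SocksError(OSError):
    """Raised by rconnect() when the SOCKS server does not report succeeded."""


def recv_exact(sock, n):
    """Read exactly n bytes; TCP may split or merge the SOCKS messages."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise SocksError("peer closed the connection during the SOCKS handshake")
        buf += chunk
    return buf


def rconnect(sock, dst_ip, dst_port):
    """Socksified connect(): `sock` is already connected to the SOCKS server
    (TCP 1080 in practice). Negotiate a method, then ask the server to CONNECT
    to dst_ip:dst_port on the client's behalf. IPv4 destinations only here."""
    sock.sendall(b"\x05\x01\x00")  # VER 5, one offered method: NO AUTHENTICATION
    ver, method = recv_exact(sock, 2)
    if ver != 0x05 or method == 0xFF:
        raise SocksError("no acceptable authentication method")
    # VER | CMD=CONNECT | RSV | ATYP=IPv4 | DST.ADDR | DST.PORT
    sock.sendall(b"\x05\x01\x00\x01" + socket.inet_aton(dst_ip) + dst_port.to_bytes(2, "big"))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 0x05 or atyp != 0x01:
        raise SocksError("malformed reply")
    recv_exact(sock, 6)  # bound address (4 bytes) + bound port (2 bytes)
    if rep != 0x00:
        raise SocksError(REP_TEXT.get(rep, "unassigned reply code 0x%02x" % rep))
    # From here the application uses sock exactly as if connect() had succeeded.


def stand_in_socks_server(conn):
    """Minimal server side (assumption): NO AUTH only, CONNECT over IPv4 only,
    then the ruleset. It relays nothing, so it closes right after replying."""
    try:
        _ver, nmethods = recv_exact(conn, 2)
        methods = recv_exact(conn, nmethods)
        if 0x00 not in methods:
            conn.sendall(b"\x05\xff")  # no acceptable method; client must close
            return
        conn.sendall(b"\x05\x00")
        _ver, cmd, _rsv, atyp = recv_exact(conn, 4)
        if cmd != 0x01:
            rep = 0x07
        elif atyp != 0x01:
            rep = 0x08
        else:
            ip = socket.inet_ntoa(recv_exact(conn, 4))
            port = int.from_bytes(recv_exact(conn, 2), "big")
            rep = 0x00 if (ip, port) in ALLOWED_DESTINATIONS else 0x02
        conn.sendall(b"\x05" + bytes([rep]) + b"\x00\x01" + b"\x00" * 6)
    finally:
        conn.close()


def connect_via_proxy(dst_ip, dst_port):
    """Run one Rconnect attempt against the stand-in server; return the outcome text."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=stand_in_socks_server, args=(server,))
    worker.start()
    try:
        rconnect(client, dst_ip, dst_port)
        return "succeeded"
    except SocksError as exc:
        return str(exc)
    finally:
        client.close()
        worker.join()


if __name__ == "__main__":
    print(connect_via_proxy("192.0.2.10", 80))   # in the ruleset
    print(connect_via_proxy("192.0.2.10", 23))   # telnet to the same host is not
```

The point of the drawback is visible in rconnect(): every program that should work through the proxy must carry this handshake (or be linked against a library that supplies it), whereas a transparent proxy would need no client change at all.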
Conclusion
- SOCKS enhances firewall usability.
- In addition to rule-based access, provides user-based authentication for external network access.
- Useful for corporate networks.
References
- RFC 1928 - http://faqs.org/rfcs/rfc1928.html
- Firewall: In and Out on the net - www.medialab.di.unipi.it/doc/JNetSec/jns_ch12.htm
- Tech View: Ten myths about SOCKS - http://www.commsdesign.com/main/1999/06/9906topten.htm
- What is SOCKS? - http://www.infosecwriters.com/text_resources/pdf/what_is_socks.pdf
- SOCKS: Protocol for sessions traversal across firewall securely - http://www.networkdictionary.com/protocols/socks.php
- SOCKS - http://en.wikipedia.org/wiki/SOCKS