Berkeley CSUA MOTD:Entry 24620
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/04/03 [General] UID:1000 Activity:popular
4/3     

2002/4/28 [Computer/Networking] UID:24620 Activity:high
4/26    What exactly is socks5?
        \_ See RFC 1928: http://www.socks.nec.com/rfc/rfc1928.txt
           Basically it is a way of connecting disconnected firewalled
           networks using a application layer proxy
2025/04/03 [General] UID:1000 Activity:popular
4/3     

You may also be interested in these entries...
2009/11/4-17 [Computer/SW/P2P, Computer/Networking, Computer/SW/Security] UID:53495 Activity:nil
11/4    Holy cow, I got a warning from my ISP that they were notified
        by BSA/baytsp.com that I was copying music/video/software.
        Do they do port scan or something? That's a first for me.
        \_ They hang out on P2P networks and track IP addresses.  -tom
           \_ I believe they are paid by content providers to perform this
              monitoring service, so you should only run this risk with content
	...
2008/11/7-13 [Computer/Networking] UID:51876 Activity:low
11/7    Need help on http proxy. After I VPN to work, I'd like to tunnel
        all the traffic to my machine. How do I setup my machine (Linux)
        as a proxy server so that my home computers can route through it?
        I'm asking because the site we're testing on requires that we
        come from the same IP. If I use VPN, the server will reject me
        based on the fact that it's a different IP than my work Linux.
	...
2008/8/5-10 [Computer/Networking] UID:50788 Activity:nil
8/5     It looks like my company has started blocking HTTPS tunneling.
        I used to do this by tunneling SSH through the HTTP/HTTPS proxy
        server, but this seems to have stopped working. Does anyone know
        how the implementation of tunneling detection works, and whether
        there are widely available implementations? We run a bunch of MS
        stuff, so I imagine we're running an MS proxy server or something.
	...
2007/6/28-7/2 [Computer/Networking] UID:47104 Activity:nil
6/28    what?
        We are deeply, deeply sorry to say that due to licensing constraints,
        we can no longer allow access to Pandora for most listeners located
        outside of the U.S. We will continue to work diligently to realize
        the vision of a truly global Pandora, but for the time being we are
        required to restrict its use. We are very sad to have to do this, but
	...
2007/6/28-7/2 [Computer/SW/SpamAssassin] UID:47111 Activity:nil
6/28    Q: What are folks using these days for anti-spam measures?  I'm
        looking for something that integrates with my MTA (postfix) or my
        delivery agent (sieve).  Currently I'm using a crufty version of
        spamassassin wired into postfix via amavisd-new.  It's decent, but I
        don't want to be bothered with manually upgrading spamassassin or
        updating rulesets on a regular basis.  Anyone have any experience
	...
2006/10/31-11/2 [Computer/SW/OS/Windows] UID:45057 Activity:moderate
10/31   A friend of mine said he's loving Microsoft again because Bill G
        is starting to donate all of his money to charity. He's boycotting
        Google, Yahoo, and other mega companies because they're too big and
        too power and thinks they're all becoming the old Microsoft, whereas
        Microsoft has recently done a lot of good things like investing in
        education and charity. He just paid for a copy of Microsoft Windows
	...
2006/6/16-19 [Computer/Companies/Google] UID:43418 Activity:nil
6/15    Oh dear lord.  It seems SpamCop is blacklisting certain IPs used by
        Gmail.  Gmail does not reveal the sending IP for privacy reasons, so
        when Gmail users send mail to honeypots, Gmail's servers get
        blacklisted.  Has anyone else noticed this?
        \_ SpamCop has long been a bastion of incompetence. --scotsman
        \_ If you're a proxy for spam you should be blocked the same as direct
	...
2006/5/8 [Computer/SW/Security] UID:42976 Activity:moderate
5/8     why you are getting all that blue frog spam
        http://q.queso.com/archives/001917 - danh
        \_ While I'm not ready to call it outright bullshit, I'm skeptical:
           * Most DNS operators with a clue set TTL values to cache records
             for 24 hours to one week.  The DNS notify mechanism leaves much
             to be desired.  Thus, changing a DNS pointer is unlikely to
	...
2006/2/18-23 [Computer/Networking] UID:41923 Activity:low
2/18    My DSL modem's ip address is 192.168.0.1, my internal network
        behind my router is 10.0.0.x. Is there a way I can configure
        the router so I can access the DSL modem from my 10.0.0.x
        network directly without re-wiring? Static routes? I tried it
        but no much luck. I also tried changing my internal network to
        192.168.0.x, but still does not work. Thanks.
	...
2006/1/28-31 [Computer/Networking] UID:41585 Activity:low
1/28    Just switched to Comcast from SBC and generally happy with it.  But
        can someone please explain to me why they are constantly pumping
        ARP traffic through the network?  It seems harmless, but I'm curious
        as I didn't see it with DSL.  It's a little disconcerting to see
        constant traffic on your router, even if ARPs are harmless from
        a bandwidth perspective, and it makes the WAN send/receive light
	...
2006/1/22-24 [Computer/Networking] UID:41477 Activity:nil
1/21    I am trying to setup a small network for my girlfriend's
        mom's company.  They just bought an accounting package
        which requires windows 2003 server.  And they want internet
        access from each computer.  How should the network be setuped?
        Would it be dumb to use static IP for each computer and a
        computer as internet gateway?
	...
Cache (8192 bytes)
www.socks.nec.com/rfc/rfc1928.txt
This new protocol stems from active discussions and prototype implementations. The key contributors are: Marcus Leech: Bell-Northern Research, David Koblas: Independent Consultant, Ying-Da Lee: NEC Systems Laboratory, LaMont Jones: Hewlett-Packard Company, Ron Kuris: Unify Corporation, Matt Ganis: International Business Machines. Introduction The use of network firewalls, systems that effectively isolate an organizations internal network structure from an exterior network, such as the INTERNET is becoming increasingly popular. These firewall systems typically act as application-layer gateways between networks, usually offering controlled TELNET, FTP, and SMTP access. With the emergence of more sophisticated application layer protocols designed to facilitate global information discovery, there exists a need to provide a general framework for these protocols to transparently and securely traverse a firewall. Leech, et al Standards Track Page 1 RFC 1928 SOCKS Protocol Version 5 March 1996 There exists, also, a need for strong authentication of such traversal in as fine-grained a manner as is practical. This requirement stems from the realization that client-server relationships emerge between the networks of various organizations, and that such relationships need to be controlled and often strongly authenticated. The protocol described here is designed to provide a framework for client-server applications in both the TCP and UDP domains to conveniently and securely use the services of a network firewall. The protocol is conceptually a "shim-layer" between the application layer and the transport layer, and as such does not provide network- layer gateway services, such as forwarding of ICMP messages. Existing practice There currently exists a protocol, SOCKS Version 4, that provides for unsecured firewall traversal for TCP-based client-server applications, including TELNET, FTP and the popular information- discovery protocols such as HTTP, WAIS and GOPHER. This new protocol extends the SOCKS Version 4 model to include UDP, and extends the framework to include provisions for generalized strong authentication schemes, and extends the addressing scheme to encompass domain-name and V6 IP addresses. The implementation of the SOCKS protocol typically involves the recompilation or relinking of TCP-based client applications to use the appropriate encapsulation routines in the SOCKS library. Note: Unless otherwise noted, the decimal numbers appearing in packet- format diagrams represent the length of the corresponding field, in octets. Where a given octet must take on a specific value, the syntax X'hh' is used to denote the value of the single octet in that field. When the word 'Variable' is used, it indicates that the corresponding field has a variable length defined either by an associated (one or two octet) length field, or by a data type field. Procedure for TCP-based clients When a TCP-based client wishes to establish a connection to an object that is reachable only via a firewall (such determination is left up to the implementation), it must open a TCP connection to the appropriate SOCKS port on the SOCKS server system. The SOCKS service is conventionally located on TCP port 1080. If the connection request succeeds, the client enters a negotiation for the Leech, et al Standards Track Page 2 RFC 1928 SOCKS Protocol Version 5 March 1996 authentication method to be used, authenticates with the chosen method, then sends a relay request. The SOCKS server evaluates the request, and either establishes the appropriate connection or denies it. Unless otherwise noted, the decimal numbers appearing in packet- format diagrams represent the length of the corresponding field, in octets. Where a given octet must take on a specific value, the syntax X'hh' is used to denote the value of the single octet in that field. When the word 'Variable' is used, it indicates that the corresponding field has a variable length defined either by an associated (one or two octet) length field, or by a data type field. The client connects to the server, and sends a version identifier/method selection message: +----+----------+----------+ |VER | NMETHODS | METHODS | +----+----------+----------+ | 1 | 1 | 1 to 255 | +----+----------+----------+ The VER field is set to X'05' for this version of the protocol. The NMETHODS field contains the number of method identifier octets that appear in the METHODS field. The server selects from one of the methods given in METHODS, and sends a METHOD selection message: +----+--------+ |VER | METHOD | +----+--------+ | 1 | 1 | +----+--------+ If the selected METHOD is X'FF', none of the methods listed by the client are acceptable, and the client MUST close the connection. The values currently defined for METHOD are: X'00' NO AUTHENTICATION REQUIRED X'01' GSSAPI X'02' USERNAME/PASSWORD X'03' to X'7F' IANA ASSIGNED X'80' to X'FE' RESERVED FOR PRIVATE METHODS X'FF' NO ACCEPTABLE METHODS The client and server then enter a method-specific sub-negotiation. Leech, et al Standards Track Page 3 RFC 1928 SOCKS Protocol Version 5 March 1996 Descriptions of the method-dependent sub-negotiations appear in separate memos. Developers of new METHOD support for this protocol should contact IANA for a METHOD number. The ASSIGNED NUMBERS document should be referred to for a current list of METHOD numbers and their corresponding protocols. Compliant implementations MUST support GSSAPI and SHOULD support USERNAME/PASSWORD authentication methods. Requests Once the method-dependent subnegotiation has completed, the client sends the request details. If the negotiated method includes encapsulation for purposes of integrity checking and/or confidentiality, these requests MUST be encapsulated in the method- dependent encapsulation. PORT desired destination port in network octet order The SOCKS server will typically evaluate the request based on source and destination addresses, and return one or more reply messages, as appropriate for the request type. Leech, et al Standards Track Page 4 RFC 1928 SOCKS Protocol Version 5 March 1996 5. ADDR), the ATYP field specifies the type of address contained within the field: X'01' the address is a version-4 IP address, with a length of 4 octets X'03' the address field contains a fully-qualified domain name. The first octet of the address field contains the number of octets of name that follow, there is no terminating NUL octet. X'04' the address is a version-6 IP address, with a length of 16 octets. Replies The SOCKS request information is sent by the client as soon as it has established a connection to the SOCKS server, and completed the authentication negotiations. PORT server bound port in network octet order Fields marked RESERVED (RSV) must be set to X'00'. If the chosen method includes encapsulation for purposes of authentication, integrity and/or confidentiality, the replies are encapsulated in the method-dependent encapsulation. ADDR is often different from the IP address that the client uses to reach the SOCKS server, since such servers are often multi-homed. PORT, and the client-side source address and port in evaluating the CONNECT request. BIND The BIND request is used in protocols which require the client to accept connections from the server. It is expected that the client side of an application protocol will use the BIND request only to establish secondary connections after a primary connection is established using CONNECT. Two replies are sent from the SOCKS server to the client during a BIND operation. The first is sent after the server creates and binds a new socket. PORT field contains the port number that the SOCKS server assigned to listen for an incoming connection. The client will typically use these pieces of information to notify (via the primary or control connection) the application server of the rendezvous address. The second reply occurs only after the anticipated incoming connection succeeds or fails. ADDR fields contain the address and port number of the connecting host. UDP ASSOCIATE The UDP ASSOCIATE request is used to establish an association within the UDP relay process to handle UDP datagrams. PO...