what does a SOCKS server do?

[rookie1010]

Hello

I was trying to figure out what a SOCKS server does, did a google for it and the wiki reads

"SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall. SOCKS is an abbreviation for "SOCKetS"

if SOCKS is transparent, then why have it in the first place, what is its use?
is the SOCKS a part of a firewall?

 

[jlazzaro]

SOCKS is something seperate from that actual firewall (think of it as a proxy server) that allows a host behind it to access resource outside the firewall while still meeting security regulations.

 

[kamper]

ssh can act as a socks server. I use it to tunnel http traffic through my university network from home. There are several resources that I need for class that only allow connections from university ip addresses. So my browser connects to ssh on my machine which passes the traffic down to the university server which then goes out and contacts the websites for me. Extremely handy.

 

[rookie1010]

What additional functionality does a SOCKS server provide over a firewall? because a firewall also enables a host behind it to access resource while meeting security regualtions.

what is ssh?

 

[Nothinman]

because a firewall also enables a host behind it to access resource while meeting security regualtions.

No, a firewall restricts a hosts access.

What additional functionality does a SOCKS server provide over a firewall?

It allows any app that speaks SOCKS to leave the network via that proxy, it's a generic proxy instead of one that's protocol specific like an HTTP proxy. Sadly SOCKS sucks and most apps don't support it anyway.

 

[rookie1010]

thanks for the reply

so what you mean to say is that if i have got an application "myApp" which uses port 9999. a firewall can be configured access to the application which uses port 9999.
and then if the application runs SOCKS then it can by pass the firewall restrictions, is that correct?

 

[Nothinman]

A firewall should have no idea about the application, just the ports in use. The stupid Windows firewalls that restrict access via binary name are just confusing people.

The firewall will still need to allow the SOCKS proxy out for any app that uses the SOCKS proxy to work. And I don't remember 100% how SOCKS works since no one really uses it, but I would assume the firewall would still need to allow the SOCKs proxy to connect to whatever ports you want to use. So for instance if you want to use the SOCKS proxy to read your mail via IMAP the firewall would still need to allow traffic on port 143 outbound.

Do you understand what an HTTP proxy is? If so, a SOCKS proxy is the exact same thing only instead of only allowing HTTP traffic it's more generic and can proxy any protocol.

 

[rookie1010]

thanks for the reply

i understand what an HTTP proxy is, it is a sort of gateway to which the clients send requests to access pages, this proxy may have some rules set up so that some web pages are not accessible.

so that would mean that if there is only one connection to the net, then one would have a socks proxy on that to protect the clients. so the socks server is independent of the firewall. and the firewall can block all the protocols supported by socks by blocking the appropriate ports, correct?

 

[Nothinman]

i understand what an HTTP proxy is, it is a sort of gateway to which the clients send requests to access pages, this proxy may have some rules set up so that some web pages are not accessible.

And a SOCKS proxy would function in much the same manner only it'll allow protocols besides HTTP.

so that would mean that if there is only one connection to the net, then one would have a socks proxy on that to protect the clients. so the socks server is independent of the firewall. and the firewall can block all the protocols supported by socks by blocking the appropriate ports, correct?

Actually I think most people ignore SOCKS proxies because application support for them is poor and the hole they open to the Internet is too large. Most places that I know of use just an HTTP proxy and only allow other protocols directly through the firewall on a business-case basis. Usually firewalls are configured in their most restricted state by default and then you open up the few ports that you need to work.

But yes the SOCKS proxy is logically seperate from the firewall, although they could be on the same physical box if you wanted them to be.

 

[rookie1010]

thanks for the reply,

i am a bit confused, a firewall restricts applications according to the rules set(block ports) whereas a SOCKS server allows applications through.

can you not achieve the same result as that achieved from the use of a SOCKS server by allowing the usage of ports on the firewall?
in other words, we could either use a SOCKS server or a firewall for the same purpose, correct?

i am looking at the wiki for SOCKS and it says


[SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall. SOCKS is an abbreviation for "SOCKetS" [1].

Clients behind a firewall, needing to access exterior servers, may connect to a SOCKS proxy server instead. Such proxy server controls the eligibility of the client to access the external server and passes the request on to the server. SOCKS can also be used in the opposite way, allowing the clients outside the firewall ("exterior clients") connect to servers inside the firewall (internal servers).
]


I guess the SOCKS server would need to use free ports on the firewall, if it is configured to use ports which are blocked by the firewall then there will be no communication>

how would a client

 

[Nothinman]

can you not achieve the same result as that achieved from the use of a SOCKS server by allowing the usage of ports on the firewall?
in other words, we could either use a SOCKS server or a firewall for the same purpose, correct?

Sort of, yes. A firewall (in general) only looks at the transport layer information (i.e. IP, port, etc) when making it's decisions on what to allow but a proxy works at the application layer so it can inspect the protocol and make more informed decisions. Some protocols don't map easily to just one port (i.e. FTP) so either your firewall has to be smarter than it really should or you end up opening a range of ports to get the protocol to work. If you using an application layer proxy it can watch the traffic and when it sees the PORT or PASV command it'll do the right thing with the right port.

There are exceptions though for instance most PIXes have "fixup" code that will watch the application layer data and try to do the right thing and netfilter has a module that lets you match any rule on the text of a packet.

Why are you so concerned with how a SOCKS proxy works anyway? Virtually no one uses them.

 

[rookie1010]

thanks for the reply

what is a PIX? the reason why i wanted to know how a SOCKS server works is to understand where they fit in the whole picture?

i guess the functionality of the SOCKS server is incorporated pretty much into a firewall, correct?

 

[Nothinman]

what is a PIX? the reason why i wanted to know how a SOCKS server works is to understand where they fit in the whole picture?

A PIX is a Cisco firewall device. The thing is that SOCKS firewall don't fit into the picture of most company's infrastructure.

i guess the functionality of the SOCKS server is incorporated pretty much into a firewall, correct?

Yes and no. Using a SOCKS proxy gives you a lot more flexibility but it also opens up more holes in your network for no good reason.

 

[rookie1010]

thanks for the reply

what sort of flexibility does the SOCKS server offer?

 

[Nothinman]

More than just access to HTTP sites like a HTTP proxy which is what most companies use.

 

[rookie1010]

thanks for the reply dude