

Socks Stuff

Socks is a really common generic proxy server. The bummer about any generic circuit proxy server is that unless a given application has built-in support for it, you need to use a separate socks client. Two companies distribute free client software that will “socksify” your games or other fun toys:

  NEC (http://www.socks.nec.com): This is the least intrusive client; that is, it runs as a “launcher,” without the need to modify system files. You use dialog boxes to configure it with the name of your socks server, the socks port (by default, port 1080), and the names and locations of the program files that you want to use the socks server. See Figure 20.1 for a sample configuration. As you can see, this is really simple.


Figure 20.1  SocksCap32 is really easy to configure and use.

  Hummingbird Communications (http://www.hummingbird.com): This client gets underneath your network DLL files and intercepts all TCP/IP connections. The Hummingbird client is a lot more intrusive to your PC because it replaces Windows system files with its own files. Another bad thing about the Hummingbird client is that it’s not obvious when a workstation is using it; that is, there’s no icon that appears on your desktop. Therefore, troubleshooting in general gets tougher, because you might not realize that the client is running on the workstation.

Do these clients work all the time for all programs? No, but at least one of these clients will work for the majority of software out there. If you have success with either of them, it’s a lot simpler (and safer) than monkeying around with firewall configuration.


To find out whether someone has installed the Hummingbird socks client on a PC, check the C:\Windows\System directory for a file named WSOCK32O.DLL—if you see this file, it’s likely that the Hummingbird client has been installed on the PC.

The Hummingbird client also has no graphical setup. You must configure the client by editing the SOCKS.CNF file in your Windows system. Here’s an example of how I might set up a Hummingbird configuration file for a simple two-segment network:

Direct 192.168.1.0 255.255.255.0
Direct 192.168.2.0 255.255.255.0
@SockD4 = 192.168.2.10 0.0.0.0 0.0.0.0

In a nutshell, this file means that you’re directly connected to 192.168.1.0 and 192.168.2.0. Traffic to those segments will not use the socks server. All other traffic will be passed to the socks 4 server at 192.168.2.10.
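The routing decision just described can be checked with a short script. This is an added example, not code from the book or from Hummingbird: the function names are hypothetical, it assumes the two fields after the @SockD4 server address are a destination network and mask and that rules are read top to bottom with the first match winning, and 205.188.1.1 is a constructed outside address.

```python
import ipaddress

# The sample SOCKS.CNF from the text, embedded so the example runs offline.
SAMPLE_CNF = """\
Direct 192.168.1.0 255.255.255.0
Direct 192.168.2.0 255.255.255.0
@SockD4 = 192.168.2.10 0.0.0.0 0.0.0.0
"""


def parse_rules(text):
    """Parse the two rule forms shown in the text into (action, network) pairs.

    Assumption: the two fields after the @SockD4 server address are the
    destination network and mask that the server handles.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.replace("=", " ").split()
        if not fields:
            continue  # skip blank lines
        keyword = fields[0].lower()
        if keyword == "direct" and len(fields) == 3:
            action, net, mask = "direct", fields[1], fields[2]
        elif keyword == "@sockd4" and len(fields) == 4:
            server = str(ipaddress.IPv4Address(fields[1]))  # validates the address
            action, net, mask = ("socks4", server), fields[2], fields[3]
        else:
            raise ValueError(f"line {lineno}: unrecognised rule {raw!r}")
        # IPv4Network rejects a bad mask or a network address with host bits set.
        rules.append((action, ipaddress.IPv4Network(f"{net}/{mask}")))
    return rules


def route(rules, destination):
    """Return "direct", ("socks4", server) or None if no rule matches.

    Assumption: rules are checked top to bottom and the first match wins.
    """
    dest = ipaddress.IPv4Address(destination)
    for action, network in rules:
        if dest in network:
            return action
    return None


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CNF)
    for host in ("192.168.1.25", "192.168.2.10", "205.188.1.1"):  # constructed
        print(host, "->", route(rules, host))
```

Running it against a workstation's real file shows at a glance which destinations bypass the socks server, which is useful when a Direct line has been written with too wide a mask.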

To sum up, Hummingbird’s client is extremely configurable yet hard to configure, and it adopts a “grab everything that goes on in the network and deal with it according to my configuration file” policy. Although this client works with more applications than does the NEC client, it affects all rather than some of the applications you run. The NEC client, on the other hand, is less intrusive, friendlier to configure, requires a separate configuration for each application, and sometimes doesn’t work for certain applications because it is less intrusive.

Let’s take a look at some common toys; you can apply the techniques used for these to other fun apps. We’ll start with simple examples and get more complex as we go.

AOL Instant Messenger

Okay, what’s the deal here? What is AIM? AIM is a fun way for folks to talk back and forth across the Internet in real time. However, it wants you to establish a TCP connection to one of AOL’s servers in the field, and your firewall may be preventing this.

Make sure that your firewall allows TCP port 5190 on an outgoing basis (it does if your firewall policy is to allow everything from the inside to go out). If you have a socks or HTTPS (HTTP Secure) proxy server, no problem. As you can see in Figure 20.2, the setup screen for AIM gives you the option to configure it for these types of proxy servers. It’s very friendly.


Figure 20.2  The AOL Instant Messenger can use socks 4, socks 5, or an HTTPS proxy.

AOL NetMail

America Online allows its users to check their email outside of their regular software by using a Web-based interface. A special plug-in is downloaded for your browser, and you can read your email in a jiffy. The Web component doesn’t pick up on your browser’s proxy settings; you simply need to configure it similarly to your browser, as shown in Figure 20.3. (You can also use the earlier tips to find out where your proxy server is.)


Figure 20.3  AOL NetMail supports socks 4 and socks 5; if you only have application-specific proxies such as FTP and HTTP, you may be out of luck.

NetMail is similar to AOL’s Instant Messenger; it uses one outgoing-only TCP connection to port 5190 on the server side.

ICQ

Mirabilis’s ICQ is arguably the most popular real-time chat program out there. It has great support for socks servers, as you can see from Figure 20.4. However, this is one program that is hard to use with a filtering firewall; although it only needs one TCP port (4000) to contact the ICQ server on the Internet, the workstation must then be able to get connections initiated from the outside on many TCP ports—that is, incoming connections on your network. (Configured for socks, ICQ needs no incoming connections; it simply uses the established connection you create through the proxy.)


Figure 20.4  Socks 4 and socks 5 are the preferred proxy servers for ICQ; a filtering firewall is much harder to configure.

Without using socks, the ICQ client software prefers at least 12 incoming ports; even worse, it likes to assign them randomly. To make life easy on you or your firewall administrator, ICQ allows you to specify a “static” port range rather than a random port range, which means that you must manually configure each ICQ client. Still, many organizations have an outgoing-only policy on firewall connections, and it’s hard to justify opening up so many incoming ports just to let people run a Net toy. Sheesh!

Here’s the bottom line: You can use ICQ with a filtering firewall, but it’s a lot easier and safer to simply use it with a proxy server.

