summaryrefslogtreecommitdiff
path: root/network/socks/socks.cstc.4.2/What_are_the_risks
diff options
context:
space:
mode:
Diffstat (limited to 'network/socks/socks.cstc.4.2/What_are_the_risks')
-rw-r--r--network/socks/socks.cstc.4.2/What_are_the_risks70
1 files changed, 0 insertions, 70 deletions
diff --git a/network/socks/socks.cstc.4.2/What_are_the_risks b/network/socks/socks.cstc.4.2/What_are_the_risks
deleted file mode 100644
index e8bd387d..00000000
--- a/network/socks/socks.cstc.4.2/What_are_the_risks
+++ /dev/null
@@ -1,70 +0,0 @@
->From daemon@inoc.dl.nec.com Wed Dec 1 17:44:07 1993
-Date: Wed, 1 Dec 93 17:42:55 CST
-From: ylee@syl.dl.nec.com (Ying-Da Lee)
-Message-Id: <9312012342.AA26065@florida.syl.dl.nec.com>
-To: socks@inoc.dl.nec.com, zz5@dswpa.dsdoe.ornl.gov
-Subject: Re: Comparing firewall packages...
-Cc: ylee@syl.dl.nec.com
-X-Mailing-List: socks@syl.dl.nec.com (SOCKS discussion list)
-Status: RO
-
->I will be working with SOCKS now. Any information would be
->appreciated. I just want to know how secure SOCKS is, and what
->guarantees can be made about it... Thanks.
-
-I don't know about guarantees. Should we start with 'as far as I
-know, there is no way...' and see where it ends?
-
-As far as I know, there is no way to initiate an attack into your
-firewalled internal network through SOCKS if your SOCKS server is
-properly configured. For example, if your internal network is
-200.100.50 and you put the line
-
-deny 0.0.0.0 0.0.0.0 200.100.50.0 255.255.255.0
-
-at the top of your sockd.conf, the SOCKS server will fend off
-all attempts to go through it to reach your inside hosts. No
-routing tricks or IP address spoofing will make any difference.
-
-This is not to say that you are not incurring some risks by
-running SOCKS. You are, but these are the risks/vulnerabilities
-accompanying the applications you allow to run on top of SOCKS,
-not with SOCKS itself. For example, doing any network communication
-without encryption runs the risk of having your password or other
-confidential information stolen, whether you use SOCKS or not.
-Blindly "displaying" a postscript file can end in a disaster
-regardless of whether you retrieved the file through SOCKS or
-not. SOCKS doesn't add more on top of these risks, but it doesn't
-help you deal with them either.
-
-Should it?
-
-It really can't if SOCKS is to remain a general purpose TCP relayer
-without delving into the specific application protocols. This accounts
-for the server's high effficiency. This independence of the application
-protocol also makes it easy to convert an application program into a
-SOCKS client. In addition, SOCKS probably will have a fairly easy time
-accommodating security devices in the application protocols if and when
-they are used.
-
-So, if on balance you find the security risks of existing telnet, ftp,
-Mosaic, etc. outweigh their usefulness to you and you are unable or
-unwilling to develop a more secure version, then SOCKS is not for you.
-If the balance tilts the other way, welcome to SOCKS.
-
-I hope that's enough for a start.
-
- Ying-Da Lee (214)518-3490 (214)518-3552 (FAX)
- Principal Member, Technical Staff
- NEC Systems Laboratory, C&C Software Technology Center /
- NEC USA, Corporate Network Administration Division
- ylee@syl.dl.nec.com
-
-**************
-The rest of this message was automatically appended by the socks list
-mail munger. To send a message to the entire list, address it to:
-socks@inoc.dl.nec.com. However, if you want to get off the list or
-change your address, please send a message to socks-request@inoc.dl.nec.com,
-and NOT the entire list. Thank you.
-**************
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 12:38:54 +0000