Firewall Wizards mailing list archives
RE: Real Audio Security
From: ark () eltex ru
Date: Thu, 20 Jan 2000 13:03:13 +0300
-----BEGIN PGP SIGNED MESSAGE----- nuqneH, Socks (and remote sockets interface as an idea) is a very special kind of thing. Actually it has little to do with security (IMHO), but used widely as security tool providing false sense of security that is highly dangerous. Most people think "i have a firewall that supports socks protocol, so i just enable it in my applications and everything works!". Actually it is close to having no firewall at all (except you can use private IPs). The only difference is that you have remote sockets calls instead of local ones. All your protection is application-based and if your application is not written properly, you're in danger. So if some stupid piece of software binds a port to listen incoming connections, it can do. If there is a buffer overflow in it, you are owned. Countermeasures? Socks5 rfc advises that there should be a "control" connection to the same server to permit reverse-connections to an allocated port. It is not strictly followed in most implementations, AFAIR. And it will break things like irc dcc and some other "client-client" thingies. Restricting dangerous operations like bind? So say goodbye to all those multimedia protocols. Socks will offer no more functionality than NAT does. Writing crafty rulesets who is allowed and what to do, maybe in conjunction with IP filtering? Maybe, maybe. . I doubt you like it, but if you have no choice, then. . A few notes on "socks" authentication. (Summary: forget it). "ident" should not be called authentication at all and username/password one is based on cleartext interaction. Stronger authentication options are available for kerberized environment only and even if someone is willing to use socks in kerberized environment they are not supported by most clients. So - i prefer a good old appliction level firewall that knows every protocol it allows to pass through. Still willing to use socks, eh? "Moore, James" <James.Moore () MSFC NASA GOV> said :
Got any details on the weaknesses or specific exploits re Socks? Jim Moore 256.461.4381 ----------- PGP PUBLIC KEY FINGERPRINT ------------ 1D9C 3AC3 34E6 EEDF 22B9 7886 7797 6908 048F 049B --------------------------------------------------------Original Message----- From: ark () eltex ru [SMTP:ark () eltex ru] Sent: Wednesday, January 19, 2000 4:14 AM To: James.Moore () MSFC NASA GOV Cc: phil.cracknell () nomura co uk; firewall-wizards () nfr net Subject: RE: Real Audio Security -----BEGIN PGP SIGNED MESSAGE----- nuqneH, You should understand well how does it work and think twice before running socks on your firewall. You probably will not, after all. "Moore, James" <James.Moore () MSFC NASA GOV> said :I understand that the socks proxy is finding new applications for thissortof thing (multimedia) due in part, I think, to the difficulty and risks associated with passing it through a firewall. I know that NEC (www.socks.nec.com) peddles some wares in this space - I haven't hadtime tofind out if there are any alternatives. See also http://www.networkworld.com/archive/1999/76451_09-27-1999.html Jim Moore 256.461.4381 ----------- PGP PUBLIC KEY FINGERPRINT ------------ 1D9C 3AC3 34E6 EEDF 22B9 7886 7797 6908 048F 049B --------------------------------------------------------Original Message----- From: Cracknell, Phil [SMTP:phil.cracknell () nomura co uk] Sent: Tuesday, January 18, 2000 4:47 AM To: firewall-wizards () nfr net Subject: Real Audio Security Two in one day! Could someone point me to any research data on the security pitfallsofReal Audio through a firewall? Particularly interested in bandwidth issues, use of PN prxy or other. Thanks Phil --
_ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBOIbdX6H/mIJW9LeBAQEsbwP+KphBr4/dZtnS9tFIZQkq5IxQTwfuz+Cf z+M9HDBIGnx71m8vDzPFJrGxOv0CBquvgNktrtn/etuuqd4yUOj2PIMOMuqsJsm0 6dGIJbIM5ZIpk6RYaE/FgsVPG3H9dNaQlSk4gePh55+Kzh/Ja6SrlfLw08F8Z3AU Ad9ipt7oznc= =ZPyP -----END PGP SIGNATURE-----
Current thread:
- Real Audio Security Cracknell, Phil (Jan 18)
- Re: Real Audio Security Darren Reed (Jan 20)
- <Possible follow-ups>
- RE: Real Audio Security Moore, James (Jan 18)
- RE: Real Audio Security ark (Jan 19)
- RE: Real Audio Security Moore, James (Jan 20)
- RE: Real Audio Security ark (Jan 20)
- RE: Real Audio Security LeGrow, Matt (Jan 20)
- RE: Real Audio Security ark (Jan 21)
- RE: Real Audio Security Rick Murphy (Jan 24)