SOCKS implements version 4 of the SOCKS firewall protocol. It allows users with SOCKS compatible clients to connect to the SOCKS firewall and then the server in turn connects to the outside world on the user’s behalf. Together with a correctly configured router, SOCKS can reduce the possible methods of attack.
WARNING: SOCKS is only one part of an Internet security system. While every effort has been made to ensure that this part of it works and is secure, there is no way Peter N Lewis (or anyone else) can guarentee that any software is perfect or that any security system will protect you from every possible attack. Use this in conjunction with a router that protects against spoofing and together with other security techniques, and in consultation with an Internet security expert to provide reasonable security for your network.
SOCKS requires MacTCP and System 7 and the Thread Manager (System 7.5 recomended).
Using SOCKS
SOCKS is very simple, both in implementation and in use.
Open SOCKS up with ResEdit and open the CONF resource. The CONF resource lists pairs of IP addresses and IP masks. Each pair specifies a particular set of addresses that are allowed to connect to the SOCKS server. The mask specifies what bits of the IP are relevant - a remote IP can connect if it is equal to the IP when only the bits that are on in the mask are considered. Eg, if the IP is 1.2.3.0 and the mask is 255.255.255.0 then any IP from 1.2.3.0 thru to 1.2.3.255 can connect to the SOCKS server and make requests for it to act on their behalf.
Once you have specified all the IP/mask pairs you want, close the file in ResEdit, and then launch the SOCKS server. That’s it. Try it out using Anarchie with the firewall set to your SOCKS server.
If you have any problems, consult the “SOCKS Log” file in the Preferences folder.
You can quit SOCKS using Process Watcher or via AppleScript.
Future
It is unclear how much demand there is for such a product, so I have not spent much time on the fine details, only on producing a working version. The shareware fee for a single copy is quite high, but I am assuming that people will not need more than a few copies (normally one per site should be enough). I will only develop this further if there is reasonable support for the program (so if you want to see it developed further you might want to consider buying a site license event if you only need on copy).
Obvious future improvements include:
• Optimizing performance.
• User Interface instead of ResEdit for configuration.
• More complex configuration, such as specifying which sites can connect to which IPs.
• Support for SOCKS version 5 when the protocol is finalized.
• Support for specifying which port to listen to.
Limitations
SOCKS requires System 7 and MacTCP 1.1 or later and the Thread Manager.
Small Print
This program is Shareware, which means if you use it, you should send me US$50.
Site Licensing:
World-Wide Source Code License: US$5000
World-wide license: US$2000
Universities or companies site license: US$500
Curtin University and the University of Western Australia are exempt.
Single-user license: US$50.
Use the Register provided to fill out the registration form and send (Email, Snail-Mail or FAX) it to my US distributer, Kagi Shareware.
You may distribute this program any way you wish as long as you don't charge for it (reasonable download costs such as Compu$erve are ok). I don’t guarantee any support, but I always answer my Email. If I don’t answer Email its because your message didn’t get to me, or my reply bounced, so try again and include a valid Internet address if you can.
You MAY NOT DISTRIBUTE this program on any disk costing more than $5 without my explicit permission.
Warranty
This program should do what I’ve described in this document. If it doesn’t, you can simply stop using it. If you pay me, and within a year find that it doesn’t do what I describe here, then you can notify me and I will refund your money and cancel your license.
Fine Print
Peter Lewis hereby disclaims all warranties relating to this software, whether express or implied, including without limitation any implied warranties of merchantability or fitness for a particular purpose. Peter Lewis will not be liable for any special, incidental, consequential, indirect or similar damages due to loss of data or any other reason, even if Peter Lewis or an agent of his has been advised of the possibility of such damages. In no event shall Peter Lewis be liable for any damages, regardless of the form of the claim. The person using the software bears all risk as to the quality and performance of the software.
US Governement:
Government End Users: If you are acquiring the Software and fonts on behalf of any unit or agency of the United States Government, the following provisions apply. The Government agrees:
(i) if the Software and fonts are supplied to the Department of Defense (DoD), the Software and fonts are classified as "Commercial Computer Software" and the Government is acquiring only "restricted rights" in the Software, its documentation and fonts as that term is defined in Clause 252.227-7013(c)(1) of the DFARS; and
(ii) if the Software and fonts are supplied to any unit or agency of the United States Government other than DoD, the Government's rights in the Software, its documentation and fonts will be as defined in Clause 52.227-19(c)(2) of the FAR or, in the case of NASA, in Clause 18-52.227-86(d) of the NASA Supplement to the FAR.
How It Works
SOCKS listens to TCP port 1080. When it gets a connection it validates the remote IP address against the CONF resource. If it is valid then the server waits for a SOCKS record asking it to either connect to a remote IP/port or wait for a remote connection. If it gets a valid remote connection then it routes all further characters between the two hosts.
