schemes that he can support. Then the SOCKSv5 server selects one, or if none of the methods intersects nontrivially with the network administrator's security policy, no connection is made with Bob. If a method is available, the SOCKSv5 server sends the choice to Bob, after which authentication is set up between Bob and the server. 8.16
Once authenticated, Bob sends his request to the SOCKSv5 server, and that request must contain the IP address of the application server with which Bob wishes to connect. Then the SOCKSv5 server evaluates Bob's request and either rejects it or accepts it. If it is accepted, then using the address sent by Bob, the server connects to the specified application server and establishes a circuit between Bob and it, notifying Bob in the process. Once established, the circuit conveys data between Bob and the external server, with the SOCKSv5 server screening each fragment of data and relaying it between the two.
There is an earlier version of the protocol, SOCKSv4, but it had some issues that were not fully considered or were omitted altogether, such as authentication, which SOCKSv5 addresses completely. SOCKSv5 is used as a firewall, as a proxy server in VPNs, and as a single communications protocol that authenticates users and establishes a communications channel. SOCKSv5 uses the same channel for both authentication and communication establishment, which builds a higher degree of integrity guarantees into the process. Moreover, it does so without direct IP reachability.
SOCKS may be configured to work with virtually any application, and it can set up not only TCP connections, but also UDP connections via a proxy. 8.17 UDP capacity is another improvement of SOCKSv5 over its former version. This is a valuable addition since UDP provides a couple of services not available with TCP. One is an (optional) capacity, called a checksum, meaning a value related to the contents of a packet, sent with the packet, or stored to detect if the data has been altered during transmission. The other UDP feature (over TCP) is that it provides port numbers to help differentiate user requests. SOCKS uses sockets 8.18 to record and track a given connection.
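The two server-side decisions described above, choosing an authentication method that Bob offered and the administrator's policy allows, then accepting or rejecting Bob's connection request against a ruleset, can be modelled in a few dozen lines. The following is an added example, not code from the book; it follows the SOCKSv5 message layouts of RFC 1928 (the protocol specification, which the text does not cite by number), and the policy values (the preferred-method list and the destination allow-list) and the sample addresses are constructed for the example. The username/password and GSS-API sub-negotiations of footnote 8.16, and the actual connecting and relaying of the circuit, are left out.

```python
# Added example (not from the book): server-side SOCKSv5 method selection and
# request evaluation per RFC 1928. Policy values below are constructed.
import ipaddress
import struct

SOCKS_VERSION = 0x05
# Authentication method identifiers (RFC 1928).
METHOD_NO_AUTH = 0x00
METHOD_GSSAPI = 0x01          # sub-negotiation defined in RFC 1961
METHOD_USERPASS = 0x02        # sub-negotiation defined in RFC 1929
METHOD_NONE_ACCEPTABLE = 0xFF # "no acceptable methods": connection is closed

CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

REP_SUCCEEDED = 0x00
REP_NOT_ALLOWED = 0x02        # "connection not allowed by ruleset"
REP_CMD_NOT_SUPPORTED = 0x07


def client_greeting(methods):
    """Bob's first message: VER | NMETHODS | METHODS (one byte per method)."""
    return bytes([SOCKS_VERSION, len(methods)]) + bytes(methods)


def select_method(greeting, policy_methods):
    """Step 1 on the server: pick the first method in the administrator's
    preference order that Bob also offered; 0xFF if the sets do not intersect.
    Returns (reply_bytes, chosen_method)."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKSv5 greeting")
    nmethods = greeting[1]
    if len(greeting) != 2 + nmethods:
        raise ValueError("greeting length does not match NMETHODS")
    offered = set(greeting[2:])
    for method in policy_methods:          # policy order = preference order
        if method in offered:
            return bytes([SOCKS_VERSION, method]), method
    return bytes([SOCKS_VERSION, METHOD_NONE_ACCEPTABLE]), METHOD_NONE_ACCEPTABLE


def client_connect_request(host, port):
    """Bob's request after authentication:
    VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT (port is network byte order)."""
    try:
        ip = ipaddress.ip_address(host)
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    except ValueError:                     # not an IP literal: send a domain name
        name = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_request(req):
    """Decode a request into (cmd, host, port), rejecting malformed framing."""
    if len(req) < 4 or req[0] != SOCKS_VERSION or req[2] != 0x00:
        raise ValueError("malformed SOCKSv5 request")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        end = 4 + 4
        host = str(ipaddress.IPv4Address(req[4:end])) if len(req) >= end else None
    elif atyp == ATYP_IPV6:
        end = 4 + 16
        host = str(ipaddress.IPv6Address(req[4:end])) if len(req) >= end else None
    elif atyp == ATYP_DOMAIN:
        end = 5 + req[4]
        host = req[5:end].decode("idna") if len(req) >= end else None
    else:
        raise ValueError("unknown address type")
    if host is None or len(req) != end + 2:
        raise ValueError("request length does not match address type")
    port = struct.unpack("!H", req[end:end + 2])[0]
    return cmd, host, port


def evaluate_request(req, allowed_destinations):
    """Step 2 on the server: accept or reject Bob's request against the
    ruleset and build the reply VER | REP | RSV | ATYP | BND.ADDR | BND.PORT.
    Returns (reply_bytes, accepted). Connecting and relaying are not modelled,
    so BND.ADDR/BND.PORT are the 0.0.0.0:0 placeholder."""
    cmd, host, port = parse_request(req)
    if cmd != CMD_CONNECT:
        rep = REP_CMD_NOT_SUPPORTED
    elif (host, port) in allowed_destinations:
        rep = REP_SUCCEEDED
    else:
        rep = REP_NOT_ALLOWED
    reply = bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4]) + bytes(4) + struct.pack("!H", 0)
    return reply, rep == REP_SUCCEEDED


if __name__ == "__main__":
    # Constructed policy: require username/password or GSS-API, never "no auth";
    # allow exactly one destination.
    policy = [METHOD_USERPASS, METHOD_GSSAPI]
    allowed = {("192.0.2.10", 443)}
    reply, chosen = select_method(client_greeting([METHOD_NO_AUTH, METHOD_USERPASS]), policy)
    print("method reply", reply.hex(), "chosen", chosen)
    print(evaluate_request(client_connect_request("192.0.2.10", 443), allowed))
    print(evaluate_request(client_connect_request("example.invalid", 80), allowed))
```

The policy list is ordered by the administrator's preference, so a client that offers both "no authentication" and username/password is steered to the stronger method, and a client offering only "no authentication" gets 0xFF and no circuit, which is the "no connection is made with Bob" case in the text. The length checks in `parse_request` matter because the server reads attacker-controlled framing before any ruleset decision is made.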
5. Kernel Proxy Firewall : The fifth and latest generation of firewall is the
8.16 There are, in fact, two supported authentication mechanisms for SOCKSv5. They are RFC 1929 [195] and RFC 1961 [196].
8.17 UDP is the User Datagram Protocol, a communications protocol providing service for network communications that use IP. In fact, UDP is an alternative to TCP. UDP actually transfers what is called a "datagram" from one computer to another. A datagram is an independent data unit not requiring preprocessing in order to be transported from origin to target site on the network. Datagram is a term that has been replaced by the word packet, and either term is simply meant to refer to any message unit that the IP handles and the Internet transfers from one site to another. UDP differs from TCP in that it does not keep track of the order in which packets arrive at the target site. Thus, since UDP does not process the sequence of packets, time is saved, so UDP is used over TCP when there is only a small amount of data to process. Both TCP and UDP are transport layer mechanisms.
8.18 Think of a socket as one endpoint of an interprocess communication link between two entities on a network, where each entity establishes its own socket.