Published by: arteepu37022 on Apr 22, 2013
Copyright:Attribution Non-commercial

Network Working Group                                           M. Leech
Request for Comments: 1928                    Bell-Northern Research Ltd
Category: Standards Track                                       M. Ganis
                                         International Business Machines
                                                                  Y. Lee
                                                  NEC Systems Laboratory
                                                                R. Kuris
                                                       Unify Corporation
                                                               D. Koblas
                                                  Independent Consultant
                                                                L. Jones
                                                 Hewlett-Packard Company
                                                              March 1996


                        SOCKS Protocol Version 5

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Acknowledgments

   This memo describes a protocol that is an evolution of the previous
   version of the protocol, version 4 [1]. This new protocol stems from
   active discussions and prototype implementations.  The key
   contributors are: Marcus Leech: Bell-Northern Research, David Koblas:
   Independent Consultant, Ying-Da Lee: NEC Systems Laboratory, LaMont
   Jones: Hewlett-Packard Company, Ron Kuris: Unify Corporation, Matt
   Ganis: International Business Machines.

1.  Introduction

   The use of network firewalls, systems that effectively isolate an
   organization's internal network structure from an exterior network,
   such as the INTERNET, is becoming increasingly popular.  These
   firewall systems typically act as application-layer gateways between
   networks, usually offering controlled TELNET, FTP, and SMTP access.
   With the emergence of more sophisticated application layer protocols
   designed to facilitate global information discovery, there exists a
   need to provide a general framework for these protocols to
   transparently and securely traverse a firewall.

Leech, et al                Standards Track                     [Page 1]
 
RFC 1928                SOCKS Protocol Version 5              March 1996

   There exists, also, a need for strong authentication of such
   traversal in as fine-grained a manner as is practical. This
   requirement stems from the realization that client-server
   relationships emerge between the networks of various organizations,
   and that such relationships need to be controlled and often strongly
   authenticated.

   The protocol described here is designed to provide a framework for
   client-server applications in both the TCP and UDP domains to
   conveniently and securely use the services of a network firewall.
   The protocol is conceptually a "shim-layer" between the application
   layer and the transport layer, and as such does not provide network-
   layer gateway services, such as forwarding of ICMP messages.

2.  Existing practice

   There currently exists a protocol, SOCKS Version 4, that provides for
   unsecured firewall traversal for TCP-based client-server
   applications, including TELNET, FTP and the popular information-
   discovery protocols such as HTTP, WAIS and GOPHER.

   This new protocol extends the SOCKS Version 4 model to include UDP,
   and extends the framework to include provisions for generalized
   strong authentication schemes, and extends the addressing scheme to
   encompass domain-name and V6 IP addresses.

   The implementation of the SOCKS protocol typically involves the
   recompilation or relinking of TCP-based client applications to use
   the appropriate encapsulation routines in the SOCKS library.

Note:

   Unless otherwise noted, the decimal numbers appearing in packet-
   format diagrams represent the length of the corresponding field, in
   octets.  Where a given octet must take on a specific value, the
   syntax X'hh' is used to denote the value of the single octet in that
   field. When the word 'Variable' is used, it indicates that the
   corresponding field has a variable length defined either by an
   associated (one or two octet) length field, or by a data type field.

3.  Procedure for TCP-based clients

   When a TCP-based client wishes to establish a connection to an object
   that is reachable only via a firewall (such determination is left up
   to the implementation), it must open a TCP connection to the
   appropriate SOCKS port on the SOCKS server system.  The SOCKS service
   is conventionally located on TCP port 1080.  If the connection
   request succeeds, the client enters a negotiation for the
   authentication method to be used, authenticates with the chosen
   method, then sends a relay request.  The SOCKS server evaluates the
   request, and either establishes the appropriate connection or denies
   it.

   Unless otherwise noted, the decimal numbers appearing in packet-
   format diagrams represent the length of the corresponding field, in
   octets.  Where a given octet must take on a specific value, the
   syntax X'hh' is used to denote the value of the single octet in that
   field. When the word 'Variable' is used, it indicates that the
   corresponding field has a variable length defined either by an
   associated (one or two octet) length field, or by a data type field.

   The client connects to the server, and sends a version
   identifier/method selection message:

                   +----+----------+----------+
                   |VER | NMETHODS | METHODS  |
                   +----+----------+----------+
                   | 1  |    1     | 1 to 255 |
                   +----+----------+----------+

   The VER field is set to X'05' for this version of the protocol.  The
   NMETHODS field contains the number of method identifier octets that
   appear in the METHODS field.

   The server selects from one of the methods given in METHODS, and
   sends a METHOD selection message:

                         +----+--------+
                         |VER | METHOD |
                         +----+--------+
                         | 1  |   1    |
                         +----+--------+

   If the selected METHOD is X'FF', none of the methods listed by the
   client are acceptable, and the client MUST close the connection.

   The values currently defined for METHOD are:

          o  X'00' NO AUTHENTICATION REQUIRED
          o  X'01' GSSAPI
          o  X'02' USERNAME/PASSWORD
          o  X'03' to X'7F' IANA ASSIGNED
          o  X'80' to X'FE' RESERVED FOR PRIVATE METHODS
          o  X'FF' NO ACCEPTABLE METHODS

   The client and server then enter a method-specific sub-negotiation.
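
   Added example (not part of RFC 1928): the method negotiation of
   section 3 in Python, with both sides' messages and the checks a
   strict implementation applies to them. It assumes each message has
   already been read into one complete buffer; the function names and
   the server's `allowed` preference list are assumptions of this
   example, not terms from the memo.

```python
"""SOCKS5 method negotiation (RFC 1928, section 3): both sides' messages."""

SOCKS_VERSION = 0x05
NO_AUTH, GSSAPI, USERPASS, NO_ACCEPTABLE = 0x00, 0x01, 0x02, 0xFF


def build_greeting(methods):
    """Client -> server: VER | NMETHODS | METHODS (1 to 255 octets)."""
    if not 1 <= len(methods) <= 255:
        raise ValueError("METHODS must hold 1 to 255 octets")
    return bytes([SOCKS_VERSION, len(methods)]) + bytes(methods)


def parse_greeting(data):
    """Server side: validate the greeting and return the offered methods."""
    if len(data) < 2:
        raise ValueError("truncated greeting")
    ver, nmethods = data[0], data[1]
    if ver != SOCKS_VERSION:
        raise ValueError(f"unsupported VER X'{ver:02X}'")
    if nmethods == 0 or len(data) != 2 + nmethods:
        raise ValueError("NMETHODS does not match METHODS length")
    return list(data[2:])


def select_method(offered, allowed):
    """Server -> client: VER | METHOD, first entry of `allowed` the client offered.

    `allowed` is the server's own preference order (local policy, assumed
    here). X'FF' is never selectable, even if a client lists it.
    """
    for method in allowed:
        if method != NO_ACCEPTABLE and method in offered:
            return bytes([SOCKS_VERSION, method])
    return bytes([SOCKS_VERSION, NO_ACCEPTABLE])


def client_handle_selection(reply, offered):
    """Client side: return the chosen method, or None if it MUST close."""
    if len(reply) != 2 or reply[0] != SOCKS_VERSION:
        raise ValueError("malformed METHOD selection message")
    method = reply[1]
    if method == NO_ACCEPTABLE:
        return None  # RFC 1928: the client MUST close the connection
    if method not in offered:
        raise ValueError("server selected a method the client did not offer")
    return method
```

   A server that lists only X'02' in `allowed` answers a client offering
   only X'00' with X'05' X'FF' rather than falling back to no
   authentication.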
