This document gives you a brief introduction to SOCKS, provides answers to the most frequently asked question, provides you with important points to remember, and guides you through setting the SOCKS server authentication options.
SOCKS is a proxy mechanism that allows client PCs to gain full access to hosts outside their local network while providing a high degree of security for the local network. (The word is short for SOCKetS, an internal NEC development name that continues to be used.)
As a publicly available protocol, SOCKS is commonly used as a firewall, protecting local networks from unauthorized access from the outside. SOCKS can be used as an internal gateway between departments within a company as well as an external gateway between a private enterprise network and a public network, such as the Internet. Access is managed from the private network to the public network, but access is denied from the public network to the private network.
Technically referred to as a circuit-level gateway, SOCKS actually consists of two components: a SOCKS server and a SOCKS client library. The SOCKS server establishes a connection and monitors ongoing access to and from the network.
The Hummingbird SOCKS implementation is installed on the client machine running the MS TCP/IP included with Microsoft's Windows NT/2000 and Windows 95/98/Me operating systems. (The MS TCP/IP is the one that can be added to Windows for Workgroups.) With the SOCKS client installed, any Windows NT/2000, or Windows 95/98/Me, or Windows for Workgroups workstation can take advantage of the SOCKS firewall security.
The Hummingbird SOCKS client seamlessly "socksifies" any TCP/IP application, thereby eliminating the need to re-code "SOCKS-aware" applications.
How is SOCKS V5 different from SOCKS V4?
Does SOCKS V5 work with SOCKS V4?
How can the Hummingbird SOCKS Client help load balance between SOCKS Servers?
Can I distribute the Hummingbird SOCKS Client across all corporate desktops?
Is there a SOCKS-related mailing list?
What operating systems does the Hummingbird SOCKS Client support?
Do I have to modify programs to use the Hummingbird SOCKS Client?
Why can't I ping a Host through a SOCKS server?
Can I FTP through a SOCKS server?
How do I uninstall The Hummingbird SOCKS Client?
Where can I get updates to the Hummingbird SOCKS Client?
With which TCP/IP stacks does the Hummingbird SOCKS Client work ?
Is there Technical support for the Hummingbird SOCKS Client?
Can I use PROXY-NAME with a SOCKS V4 server?
Extraneous characters in the socks.cfg configuration file
Why am I prompted for my user name and password when I start a new connection?
How do I temporarily turn off the SOCKS Client?
Does SOCKS support Windows 2000?
How do I upgrade to the latest version of SOCKS?
The main differences are:
Most SOCKS V5 servers support both SOCKS V4 and SOCKS V5 clients. SOCKS V4 servers will not support the SOCKS V5 protocol.
SOCKS Client: SOCKS V4 and V5 are available on the Hummingbird product CD in the SOCKS folder and from the Hummingbird web site.
www.hummingbird.com/products/evals/index.html
SOCKS Servers: SOCKS V4/5 is available through anonymous ftp from ftp://ftp.nec.com/pub/socks/. SOCKS V5 is available through http at http://www.socks.nec.com/. Most firewall vendors today support SOCKS V4 and SOCKS V5.
The Hummingbird SOCKS client now supports the use of the BALANCE keyword in the socks.cfg configuration file. By adding this keyword before any SOCKD4/5 lines, the listed SOCKS servers will be randomly ordered.
Yes. The licence for Hummingbird SOCKS Client does not currently restrict distribution within a corporation. However, this is subject to change at Hummingbird's discretion.
Yes, you can post questions or request help on our mailing list,
The Hummingbird SOCKS Client currently supports:
No. The Hummingbird SOCKS Client operates transparently as a shim and automatically redirects network requests to the appropriate SOCKS server.
SOCKS V5 supports UDP, however, SOCKS V4 does not.
SOCKS is short for SOCKetS which is an NEC internal development name that stuck with the technology.
The SOCKS support provided by the Hummingbird SOCKS shim allows outgoing TCP and UDP connections to work through SOCKS V4 and SOCKS V5 servers.
PING will not work through either a SOCKS V4 or SOCKS V5 server, as it uses ICMP and not TCP or UDP. Also, UDP services like DNS lookups do not work through a SOCKS V4 server.
The shim normally supports TCP connections only in one direction.
The FTP protocol makes an outgoing connection to establish what is called the command channel. When a command to transfer data is sent on the command channel, the normal operation of FTP programs is to have the FTP server make a connection to the FTP client for the data channel. This is called an Active Transfer. Active Transfers are NOT normally supported by the shim because they use TCP connections made from a remote machine through the SOCKS server to your local machine. They can be supported only if the BIND-MODULE command is used.
Many FTP programs (Hummingbird FTP and WSFTP) support a mode called Passive Transfers. This is where the FTP client program makes a TCP connection to the FTP server for the Data channel. The shim supports this mode; unfortunately, the Microsoft FTP program does not support this mode. You can add the command BIND-MODULE FTP to the socks.cfg file to allow the Microsoft FTP program to receive incoming connections from beyond the SOCKS server. You can also specify BIND-MODULE * to allow all programs with this requirement to operate. Also, we recommend you use the IP address instead of the host name for Microsoft FTP.
If you use OS with WinSockV1.1:
Run the uninstall.bat program.
Updates are periodically posted to our web site
http://www.hummingbird.com/products/nc/socks/index.html
The Hummingbird SOCKS Client supports Microsoft TCP/IP for Windows 95/98/Me and Windows NT/2000.
Yes, you can post questions or request help on our mailing list
No. The PROXY naming ability is available only with SOCKS V5 servers.
Also, the PROXY-NAME keyword is mutually exclusive with the DENY keyword as DENY operates on IP addresses only.
There can be only one PROXY-NAME line in the socks.cfg file which can take a comma seperated list of SOCKS server addresses
It is the SOCKS Server's responsibility to demand authentication of the SOCKS client. If the server is configured to require a user name and password for a specific connection, the SOCKS client must comply and will prompt the user for the required information.
Please note that the server configuration can require authentication for some connections and not others. You can set up your SOCKS client to supply the user name and password automatically.
For more information, see SOCKS Server Authentication dialog box.
In some cases, you may wish to disable the Hummingbird SOCKS Client. For example, if the client shim is installed on a laptop that does not require SOCKS while used on a home network, then you can simply rename the socks.cfg configuration file while it is not needed.
Yes, SOCKS supports Windows 2000.
If you are running Windows 95/OSR2 with Winsock V1.1:
C:\Windows\System\Hummingbird\Connectivity\7.1\Socks
If you are running Windows NT4/98/2000/Me, Windows 95 with Winsock V2, or Windows 95/OSR2 with Winsock V2:
Note: You do not need to uninstall the older version of SOCKS. The installation overwrites all relevant files. The socks.cfg file does not change, and retains its previous settings.
Please ensure that the socks.cfg file contains no extraneous characters, such as unwanted linefeed of carriage return characters. These characters may be introduced during file transfers or if the socks.cfg file is edited with an application that includes formatting codes.
If in doubt, retype the socks.cfg file in an editor such as notepad.exe.
Finding SOCKSYou can find SOCKS on the product CD and on the Hummingbird web site
http://www.hummingbird.com/products/nc/socks/index.html
At the end of the SOCKS installation, you can provide SOCKS server authentication information. The SOCKS Server Authentication dialog box contains the following fields:
Save User areaThis area lets you specify the SOCKS Server user account information for password-enabled SOCKS servers. After you set the user name and password, connections to the SOCKS server will be automatic. If other users log into the machine and try to make connections to the SOCKS server, they will be prompted to provide a user name and password for the SOCKS server.
Save User Sets the SOCKS Server account information for the current user.
User Name Displays the user name of the current logged-in user.
Domain/Local Machine Displays the name of the domain or machine into which the user is logged.
SOCKS Server Account Sets the SOCKS Server Account information.
This area lets you route all services that use TCP through the SOCKS server. This option is available only for Windows NT/2000.
Socksify Services Routes services through the SOCKS server.
SOCKS Server Account Sets the SOCKS Server Account information