Article delegate-en/4188 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] delegate sockmux question
24 Oct 2008 10:51:27 GMT Andre <pzyhqbdyi-xtc56t3iernr.ml@ml.delegate.org>


Hello,

according to the CHANGES-Log, it seems that you have removed the
features which enabled accepting connections via SockMUX and HTTP,VSAP,
probably due to the security concerns:

* 9.8.6 081011 mod sox.c: removed code for accept() and incomming connect()
* 9.8.6 081011 mod {vsap,htaccept}.c: removed code for accept() at
remote host


Is it completely removed or just disabled by default? I do have a
remark concerning the specific security issues you mentioned.
In my opinion the mentioned security risk is neither limited to, nor
caused by, SockMUX, HTTP-Accept or VSAP. An intrusion in a network,
initiated from within, could also easily be done with SOCKS. In this
scenario there could be a SOCKS-Proxy somewhere on the outside of the
network, to which a client from within the network is connected and
makes BIND requests. This client could be running a special software
which enables some kind of multiplexing over a TCP connection which he
opened on the SOCKS-Proxy. As a counterpart to this, an "intruder" from
the outside can connect to the bound port on the SOCKS-Proxy, which
might also be running a special software interfacing with the one of
the client within the network.
Admittedly, in this case the special software might be classified as
"malicious" and the client as "infected", but this could simply be due
to misconfiguration of the client.

If the functionality, which we discussed in our previous e-Mails, is
indeed removed, does this require me to use an older version to work with?

Did you have a chance to think about the ideas mentioned in my last
e-Mail? As time goes on, I need to proceed with my master's thesis and I
would really appreciate your opinion about the changes I wanted to make.

One of them is the modification of SockMUX in order to be able to
start a relay process on demand via a command which I send
to the server running a SockMUX (because we need to start relay
processes dynamically on demand).

Does the server on which the SockMUX is running need to know where to
redirect the incoming traffic, or is this determined by the SockMUX
client which connects to it? Additionally I would like to know if there
is any documentation on this protocol, since I will need to implement my
own SockMUX client on another side.

Thanks in advance!

Cheers, Andre
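
The SOCKS BIND scenario described in the message above is distinguishable on the wire, because the command byte of a SOCKS request separates BIND from CONNECT. The following Python code is an added example, not part of the original post and not DeleGate code: it parses SOCKS4 and SOCKS5 client requests and picks out BIND requests so an egress monitor can log or block them. The request layouts are taken from the SOCKS4 protocol and RFC 1928, not from the post; the function names and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

SOCKS4_CMDS = {1: "CONNECT", 2: "BIND"}
SOCKS5_CMDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}

def parse_socks_request(data: bytes):
    """Return (version, command, host, port) for a client request, or None."""
    if len(data) < 2:
        return None
    ver, cmd = data[0], data[1]
    # SOCKS4: VN CD DSTPORT(2) DSTIP(4) USERID NUL
    if ver == 4 and cmd in SOCKS4_CMDS and len(data) >= 9:
        port, = struct.unpack("!H", data[2:4])
        return 4, SOCKS4_CMDS[cmd], str(ipaddress.IPv4Address(data[4:8])), port
    # SOCKS5 (RFC 1928): VER CMD RSV ATYP DST.ADDR DST.PORT(2)
    if ver == 5 and cmd in SOCKS5_CMDS and len(data) >= 7 and data[2] == 0:
        atyp, rest = data[3], data[4:]
        if atyp == 1 and len(rest) >= 6:            # IPv4
            host, rest = str(ipaddress.IPv4Address(rest[:4])), rest[4:]
        elif atyp == 4 and len(rest) >= 18:         # IPv6
            host, rest = str(ipaddress.IPv6Address(rest[:16])), rest[16:]
        elif atyp == 3 and len(rest) >= rest[0] + 3:  # length-prefixed name
            n = rest[0]
            host, rest = rest[1:1 + n].decode("ascii", "replace"), rest[1 + n:]
        else:
            return None                             # unknown type or truncated
        port, = struct.unpack("!H", rest[:2])
        return 5, SOCKS5_CMDS[cmd], host, port
    return None

def bind_requests(messages):
    """Return the parsed requests that ask the proxy to accept an inbound peer."""
    parsed = (parse_socks_request(m) for m in messages)
    return [p for p in parsed if p and p[1] == "BIND"]

# Constructed sample requests using documentation addresses, not captured traffic.
SAMPLES = [
    b"\x05\x02\x00\x01\xcb\x00\x71\x0a\x1f\x90",     # SOCKS5 BIND, IPv4 peer
    b"\x05\x01\x00\x03\x0bexample.org\x01\xbb",      # SOCKS5 CONNECT, domain
    b"\x04\x02\x1f\x90\xcb\x00\x71\x0auser\x00",     # SOCKS4 BIND
    b"\x05\x02\x00\x01\xcb",                         # truncated request
]

if __name__ == "__main__":
    for ver, cmd, host, port in bind_requests(SAMPLES):
        print(f"SOCKS{ver} {cmd} expecting peer {host}:{port}")
```

In a SOCKS5 session the request follows the method negotiation, so a monitor has to feed this parser the first client message after that exchange.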



