Software602 Home . products . download . support . register . how to buy . . view cart . . . contact us . . . .
Software602 Home . . . . . .
. .
.
.
Software602 Login
E-mail:
Password:
forgot?
.
Support Home .
.
User Forum .
.
Knowledge Base .
.
Submit Ticket .
.
View My Tickets .
.
. .
.
602LAN SUITE 2004 User Forumforum home | rss | search | terms of use
BackBack to 602LAN SUITE 2004 Forum
Add New TopicAdd New Topic
Post ReplyPost Reply
Warning! Socks security problem
  Posted by  Marshall Lai  on Monday, October 18, 2004 at 9:14:10 PM (EST)
Figured this out the hard way. After enabling SOCKS proxy on LS2004 and opening a port in the router's firewall, the machine sent out massive amount of SPAM!!!

The behavior stopped after I disabled the SOCKS server in LS2004. I had run scans via AVG and MCAFEE and both reports that the server is clean. So I believe that the LS2004 SOCKS is allowing other people from the net to use your server to SPAM.

I have setup LS2004 to no relay and SPAM still get sent out. I suspect that it is probably a loophole in SOCKS that allow others to SPAM via the server. Unfortunately, I don't think the SOCKS implementation in LS2004 can be set to require authentication (even thought the HTTP proxy does.....)
  Posted by Robert Smith  on Tuesday, October 19, 2004 at 9:51:33 AM (EST)
Umm, why would this be a security issue with Lan Suite? Yeah, the Socks proxy doesn't have authentication, but a properly configured firewall and IP filter easily remedies the need for one.

If someone can't connect to the proxy server due to an IP filter or firewall rule, they can't bounce spam off your socks proxy. Maybe you should look into configuring the proxy and/or firewall to block these types of requests.
  Posted by Marshall Lai  on Tuesday, October 19, 2004 at 10:30:42 PM (EST)
Maybe you can help me out here, then. I travel very frequently and use various ISP (thus various unforeseeable IPs) to connect back to the server at home. The firewall can either be set to allow traffic from certain IPs which means I will have to reconfigure the firewall everytime I travel or log-on at Starbucks or other wireless hotspots which is a royal pain in the neck and something I am not too kin on doing.

Alternatively it can be set to block traffics from specific IPs but this will become reactive because you will HAVE TO KNOW WHICH IPs TO BLOCK and others can just as easily change or spoof their IPs on attacks.

OR are there any other alternatives? I have gone as far to change the default ports of the proxy and have no effects of solving this problem.....
  Posted by Robert Smith  on Friday, October 22, 2004 at 10:07:37 AM (EST)
Just curious, but why would you want to access your socks proxy from a remote location? Doesn't seem very efficient for that kind of thing. As far as mail goes, use Web Mail if you must send a message through LAN Suite from a remote location.
  Posted by Marshall Lai  on Friday, October 22, 2004 at 11:24:30 AM (EST)
I do this before I frequently travel to China and they can block access to some of the instant messaging servers and websites.......
BackBack to 602LAN SUITE 2004 Forum
Add New TopicAdd New Topic
Post ReplyPost Reply
.
. . .
.
  © 2009 Software602, Inc. All rights reserved.