The original SOCKS was jointly developed by various organizations, then implemented by Dave Koblas and made publicly available. NEC has been the steward of the free version of SOCKS since 1993, managing the FTP site where SOCKS 4.2 source code is available and administering the SOCKS 4.2 mailing list where users of non-commercial SOCKS trade notes on SOCKS 4.2 security, configuration and compatibility.

The SocksPlus proxy was written from scratch by NEC to provide a commercial circuit-level proxy for the PrivateNet Secure Firewall Server and to avoid any Intellectual property issues associated with the original, publicly available free version of SOCKS. The SocksPlus proxy is more secure and commercially robust than the original SOCKS protocol.

Although SOCKS is popular, it has several limitations:

• Its software is not layered, leaving it vulnerable to bad packets;
• It is vulnerable to IP spoofing attacks;
• It does not provide UDP support.

SocksPlus has been improved from the original SOCKS implementation in many ways. The SocksPlus proxy:

• Uses proper software layering, leaving it much less vulnerable to bad packet formats;
• Can be configured to listen only to client connections on the internal network to properly identify IP spoofing attacks that use internal network IP addresses, but which originate from the outside network;
• Provides UDP support in addition to the TCP support originally found in SOCKS ;
• Provides for encrypted data communications between SocksPlus proxy servers;
• Supports parallel configurations, providing both high availability and load balancing between servers;
• Does not require a configuration file at each client (server information is obtained from DNS);
• Does not accumulate log information at each client.

SocksPlus, like the original version of SOCKS, is a client/server protocol that requires a small modification to client applications to work through a SocksPlus or SOCKS firewall server.

In the early days of the Internet, client applications had to be individually "SOCKSified." But today, the number of TCP/IP stack and client application vendors supplying products that already support SOCKS or SocksPlus is growing very quickly.

NEC's Internet Business Unit has launched an effort called the Client Application Partners Program to accelerate this trend even more, while working with vendors to move from non-commercial SOCKS 4.2 to SocksPlus, which is the first commercial implementation of the technology available to developers.

In many cases, the SOCKS 4.2 or SocksPlus proxy is already part of users' client application and can communicate with the PrivateNet server. These are clients provided by such vendors as Netscape, NetManage, FTP, SpryNet and others. For client applications that do not yet support SocksPlus or SOCKS 4.2 commercially, the Internet Business Unit supplies SocksPlus dyanamic load libraries and executables, as well as a set of SocksPlus compliant UNIX applications on a separate CD-ROM with the PrivateNet Secure Firewall Server.

For questions or comments relating to the SocksPlus and CAP Program information contained here, email: webmaster@privatenet.nec.com or contact us at (800) 668-4869
Dept. Code YWEB.

Many leading client application vendors are already supporting Socks. Among them are: - NetScape - SpryNet - FTP Software - NetManage - Hummingbird - Stardust Software