The SocksPlusTM proxy from NEC's Internet Business Unit is an advanced, commercial quality, circuit-level proxy technology based on the same concept as the original free SOCKS firewall protocol which became popular among early Internet users, and is now in broad use in the market in its Version 4.2 form.

The original SOCKS was jointly developed by various organizations, then implemented by Dave Koblas and made publicly available. NEC has been the steward of the free version of SOCKS since 1993, managing the FTP site where SOCKS 4.2 source code is available and administering the SOCKS 4.2 mailing list where users of non-commercial SOCKS trade notes on SOCKS 4.2 security, configuration and compatibility.

The SocksPlus proxy was written from scratch by NEC to provide a commercial circuit-level proxy for the PrivateNet Secure Firewall Server and to avoid any Intellectual property issues associated with the original, publicly available free version of SOCKS. The SocksPlus proxy is more secure and commercially robust than the original SOCKS protocol.

Although SOCKS is popular, it has several limitations:

  • Its software is not layered, leaving it vulnerable to bad packets;
  • It is vulnerable to IP spoofing attacks;
  • It does not provide UDP support.

SocksPlus has been improved from the original SOCKS implementation in many ways. The SocksPlus proxy:

  • Uses proper software layering, leaving it much less vulnerable to bad packet formats;
  • Can be configured to listen only to client connections on the internal network to properly identify IP spoofing attacks that use internal network IP addresses, but which originate from the outside network;
  • Provides UDP support in addition to the TCP support originally found in SOCKS ;
  • Provides for encrypted data communications between SocksPlus proxy servers;
  • Supports parallel configurations, providing both high availability and load balancing between servers;
  • Does not require a configuration file at each client (server information is obtained from DNS);
  • Does not accumulate log information at each client.
The SocksPlus proxy uses its own improved protocol when communicating with SocksPlus proxy clients and other SocksPlus proxy servers, but it is fully backward-compatible with existing SOCKS servers and clients. If a site is already using SOCKS, deploying the SocksPlus proxy will be straightforward. However, such sites are encouraged to convert to the SocksPlus proxy over time to take full advantage of NEC's improvements.

SocksPlus, like the original version of SOCKS, is a client/server protocol that requires a small modification to client applications to work through a SocksPlus or SOCKS firewall server.

In the early days of the Internet, client applications had to be individually "SOCKSified." But today, the number of TCP/IP stack and client application vendors supplying products that already support SOCKS or SocksPlus is growing very quickly.

NEC's Internet Business Unit has launched an effort called the Client Application Partners Program to accelerate this trend even more, while working with vendors to move from non-commercial SOCKS 4.2 to SocksPlus, which is the first commercial implementation of the technology available to developers.

In many cases, the SOCKS 4.2 or SocksPlus proxy is already part of users' client application and can communicate with the PrivateNet server. These are clients provided by such vendors as Netscape, NetManage, FTP, SpryNet and others. For client applications that do not yet support SocksPlus or SOCKS 4.2 commercially, the Internet Business Unit supplies SocksPlus dyanamic load libraries and executables, as well as a set of SocksPlus compliant UNIX applications on a separate CD-ROM with the PrivateNet Secure Firewall Server.

For questions or comments relating to the SocksPlus and CAP Program information contained here, email: or contact us at (800) 668-4869
Dept. Code YWEB.

Many leading client application vendors are already supporting Socks.
Among them are:
- NetScape

- SpryNet

- FTP Software

- NetManage

- Hummingbird

- Stardust Software

Send your comments and questions to