RE: Socks4 through ISA??

From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Thu, 17 Feb 2005 11:08:11 -0600
Hey, watch those hands :)

I was wondering the same thing -- what use SOCKS? Even a lowly SecureNAT
client can use FTP.

Thanks! 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, February 17, 2005 8:56 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Socks4 through ISA??

http://www.ISAserver.org

..and you're complaining?
I used the original ISA 2000 book to help me pass my ISA certification
test, so I can guarantee that you're in good hands there (don't tell
Deb, tho).

First, "hiding" you IPs is irrelevant; don't waste your time with this.

Your log is clear - ISA is denying this request:
Connect   13301; 13301 == "go away boy; ya bother me"

Add "Rule#1" and "Rule#2" to the Firewall log fields selection and retry
the connections.
The log will then tell you what rules "fired" for this request.
That's the rule that doesn't like it.
Again; if these rules require authentication, you can't use the SOCKS
proxy - SOCKS 4 doesn't support authenticated requests.

Jim

-----Original Message-----
From: Mark Beynon [mailto:mark.beynon@xxxxxxxxxxxx] 
Sent: Thursday, February 17, 2005 3:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Socks4 through ISA??

http://www.ISAserver.org

Thanks guys, I have literally had to learn EVERYTHING I know about
proxies
in two days from Mr Shinder's books!

 

The Firewall log is as follows for my Socks4 FTP attempts:

 

#Fields:c-ip              cs-username           c-agent    date        
time          s-computername     r-host      r-ip           r-port      
time-taken                cs-bytes  sc-bytes       cs-protocol

 cs-transport            s-operation              sc-status sessionid
connectionid

10.X.X.X  -               -               2005-02-16
09:22:29 
MyProxy  -               12.X.X.X  21            -               -

      -               21            TCP                Connect   13301

 49            45

10.X.X.X  -               -               2005-02-16
11:02:51 
MyProxy  -               12.X.X.X  21            -               -

      -               21            TCP                Connect   13301

 50            46

10.X.X.X  -               -               2005-02-16
11:06:19 
MyProxy  12.X.X.X  -               -               -               -

        -               -               -                GHBN      13301

   51            0

10.X.X.X  -               -               2005-02-16
11:07:28 
MyProxy  -               12.X.X.X  21            -               -

      -               21            TCP                Connect   13301

 52            47

10.X.X.X  -               -               2005-02-16
12:02:55 
MyProxy  -               12.X.X.X  21            -               -

      -               21            TCP                Connect   13301

 53            48

10.X.X.X  -               -               2005-02-16
12:05:02 
MyProxy  -               12.X.X.X  21            -               -

      -               21            TCP                Connect   13301

 54            49

10.X.X.X  -               -               2005-02-16
15:34:05 
MyProxy  -               12.X.X.X  21            -               -

      -               21            TCP                Connect   13301

 59            54

 

I have blanked my PC ip to 10.X.X.X but this was one single IP address.

I have blanked the Internet destination to 12.X.X.X but this was one
single IP address.

I have changed the s-computer name to MyProxy, but this did have the
name
of my proxy server.

 

What do these logs tell me? all it seems to suggest to me is that the
connections are essentially working, but yet no connections are
attempted
from the proxy to the remote host.

 

Please advise if you can

 

thanks

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
RE: Socks4 through ISA??

Other related posts:
