socks4 server: Security implications?

["Ralf G. R. Bergs" <rabe@RWTH-Aachen.DE>]

Hi there,

I've now begun using a socks4 server for the sole purpose of being able to 
properly use ICQ from my internal machines to the outside of my firewall-
protected and NATified LAN.

This seems to work well but I'm not sure about the security implications of 
this measure, since I don't know exactly how a socks4 proxy works, what it 
does, etc.

My sockd.conf file looks like this:

#action src_addr        src_mask        dst_addr        dst_mask
#deny connections from outside to our LAN
deny    ALL             0.0.0.0         <ext_ip>        255.255.255.255
deny    ALL             0.0.0.0         192.168.1.0     255.255.255.0

permit  192.168.1.0     255.255.255.0   ALL             0.0.0.0



Here, <ext_ip> is the external IP address of my firewall host.

What makes me worry is that I can still telnet to port 1080 from outside my 
machine and the connection gets accepted. This is probably by design, right? 
The socks daemon is waiting for some connection setup, such as destination 
address, and then says "Forbidden."

Is that right?

Is it safe to block access to TCP port 1080 on my firewall from the outside? 
Or would that hamper operation of the proxy, effectively disabling it for my 
LAN machines?

Thanks for any insights you can give,

Ralf


-- 
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^