From: TAKADA Toshihiro (高田敏弘) <takada@seraph.NTT.JP>
Real-Date: Tue, 07 Sep 1993 11:45:40 +0900
Subject: [infotalk,00363] Re: cacheing mechanism & free information
Message-Id: <9309070245.AA19926@seraph.ntt.jp>
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="iso-2022-jp"
たかだです。
In <infotalk:00361> "Mitsuhiro Araki <foison@techinfo.tytlabs.co.jp>"-san writes:
> WWFS というのはいったいどういうものなのでしょうか?
これへの答はよく分からないのですが...
> 「FTP 先へのファイルアクセスを,マウントしたファイルシステムのように見
> せかける仕掛け.IP forwarding を止めたゲートウェイで動かすと,IP
> forwarding を止めたままで,ゲートウェイの両側相互の FTP が可能となる」
こーいったことをするためのもので SOCKS っていうのがあるみたいです。
私はこの記事を読んだだけで、FTPすらしていないのですが、ニュースを
読む限りでは、どんぴしゃのような気がしますが。
もっとも、こういったものをゲートウェイに載せて運用してもらえるか
どうかも問題なのかな...
========================================================================
NTT基礎研究所 情報科学研究部 高田敏弘
分散コンピューティング原理研究グループ takada@nttlab.ntt.JP
========================================================================
------- =_aaaaaaaaaa0
Content-Type: multipart/digest; boundary="----- =_aaaaaaaaaa1"
------- =_aaaaaaaaaa1
Newsgroups: comp.infosystems.www,comp.security
Path: lab!icot10!wnoc-tyo-news!nec-tyo!nec-gw!netkeeper!vivaldi!texas!florida!ylee
From: ylee@syl.dl.nec.com (Ying-Da Lee)
Subject: SOCKS 4.0: proxy server with finger/ftp/telnet/xgopher/xmosaic clients
Message-ID: <ylee.744995158@florida>
Sender: news@syl.dl.nec.com (CSTC News--cjk)
Nntp-Posting-Host: florida.syl.dl.nec.com
Organization: NEC Systems Lab., C&C Software Technology Center (Dallas, TX)
Date: Tue, 10 Aug 1993 15:05:58 GMT
Lines: 124
(This is a package that allows hosts behind a firewall the use of finger,
ftp, telnet, xgopher, and xmosaic to access the resources outside of the
firewall while maintaining the security requirements.)
A new release of SOCKS is available for anonymous ftp from host
ftp.inoc.dl.nec.com (143.101.112.3), file pub/security/socks.cstc.4.0.tar.gz.
This version is intended to run with identd user verification (RFC 1413),
which is available as file pub/security/pidentd-2.1.2.tar.gz.
Both of these are in Gnu's compressed form and required gzip to uncompress
them. If you don't already have that you can also pick up the file
pub/gnu/gzip-1.1.2.tar.Z. Remember to download them in binary mode.
There are a few bug fixes: rftp no longer chops off password after
8 characters; 'eq ftp' now works; so does the use of macro
SOCKS_DEFAULT_NS.
I am enclosing the first part of the README.1st file which describes
the new fearures. Besides SunOS 4.1.x, the new version has also been
ported and tested on ULTRIX 4.3, IRIX 4.0.1, and partially on HPUX,
thanks to Ian Dunkin and Anthony Shipman.
Hope you can make good use of the package. Enjoy it.
Ying-Da Lee (214)518-3490 (214)518-3552 (FAX)
Principal Member, Technical Staff
NEC Systems Laboratory, C&C Software Technology Center /
NEC USA, Corporate Network Administration Division
ylee@syl.dl.nec.com
=======================================================================
This is SOCKS, a package consisting of a proxy server (sockd)
and client programs corresponding to finger, whois, ftp, telnet,
xgopher, and xmosaic, as well as a library module (libsocks.a)
for adapting other applications into new client programs.
The original SOCKS was written by David Koblas <koblas@netcom.com>,
which included the library module and finger, whois, and ftp clients.
Clients programs added since the original are:
-telnet: adapted from telnet.91.03.25 by David Borman <dab@cray.com>.
This version is supposed to be much easier than the previous one
to port to many different systems.
-xgopher: adapted from xgopher ver. 1.2 by Allan Tuchman <a-tuchman@uiuc.edu>.
-xmosaic: adapted from xmosaic ver. 1.2 by NCSA staff (contact
Marc Andreesen, <marca@ncsa.uiuc.edu>).
The SOCKS protocol has changed with this version. Since the server and
the clients must use the same SOCKS protocol, this server does not work
with clients of previous releases, and these clients do not work with
servers of previous releases.
The access control mechanism has been expanded:
-A list of users can be included along with other fields (source address,
destination address, service/port) for permission/denial of access.
-Identd is used (controlled by option -i and -I) in SOCKS server to try
to verify the actual user-ids. The code uses the library written by
Peter Eriksson <pen@lysator.liu.se> and /Pdr Emanuelsson <pell@lysator.liu.se>.
-A shell command can optionally be specified with each line. The command
is executed if the conditions of that line are satisfied. This is adapted
from the same feature and code used in the log_tcp package by Wietse
Venema <wietse@wzv.win.tue.nl>.
-Special entries (#NO_IDENTD: and #BAD_ID:) can be included to specify
shell commands to be executed when the client host doesn't run identd
and when identd's report doesn't agree with what the client prgram says.
The following can be a reasonable sockd.conf using the new features:
# Permit root on 129.101.64.3 all services
permit *=root 129.101.64.3 0.0.0.0
#
# Permit root and usersa on 129.101.112.10 telnet access to network 222.22.22
permit *=usera,root 129.101.112.10 0.0.0.0 222.22.22.0 0.0.0.255 eq telnet
#
# Permit all users on network 129.101 access to ftp
permit 129.101.0.0 0.0.255.255 eq ftp
#
# Deny everything else. Upon an attempt, finger the client host and pipe
# the result into an email to root with appropriate Subject line.
deny 0.0.0.0 255.255.255.255 : finger @%A | /usr/ucb/mail -s 'SOCKD: rejected -- from %u@%A to host %Z (service %S)' root
#
# If the client doesn't run identd, tell the user and root there to run it.
#NO_IDENTD: /usr/ucb/mail -s 'Please run identd on %A' %u@%A root@%A
#
# Someone is masquerading as someone else. Finger the client host
# and pipe the result into an email message for local root and root on
# the client host with appropriate Subject line.
#BAD_ID: finger @%A | /usr/ucb/mail -s '%U pretends to be %u on host %A' root@%A root
The test_sockd_conf program can be used to test the access control file,
including the special entries and the execution of shell commands.
The Identd server is available through anonymous ftp from many places.
Consult archie. Or you can pick it up from ftp.inoc.dl.nec.com, the
file is pub/security/pidentd-2.1.2.tar.gz. This copy corrected a mistake
in the INSTALL file: In step 10, second paragraph, the line
TELNET session and enter "4711 , 113", where you replace 4711 with the
should read
TELNET session and enter "113 , 4711", where you replace 4711 with the
The author of pidentd is Peter Eriksson (pen@lysator.liu.se).
Finally, the network/host byte order confusion has been cleaned up. That
should make porting to other systems a lot easier. Only machines for which
the assumptions that short=int=16 bits and long=32 bits do not hold
are still likely to have serious problems.
The package has been ported for ULTRIX 4.3 by Ian Dunkin <imd1707@ggr.co.uk>
and Anthony Shipman <als@cpsg.com.au>, for IRIX 4.0.1 by Ian Dunkin (again),
and partially for HPUX by Anthony Shipman (again!). (We are a small bunch
of busy bees.) I also include patches by Craig Metz <cmetz@thor.tjhsst.edu>
to SOCKSize xarchie and ncftp. I have not try these patches out
myself though.
I want to thank all the people I have mentioned so far, as well as the
following, who has helped with their bug reports, comments, and suggestions:
Alain Mellan <amellan@acri.fr>, Heinz Naef <whna@nexos.com>, Rejane Forre
<for@pttnms.ewi.ch>, Michael Lachowski <mlachow@maverick1.erenj.com>,
Nancy Ball <nancy_ball@sematech.org>, David Vincenzetti <vince@dsi.unimi.it>,
LaMont Jones <lamont@sp1.cup.hp.com>, Brandon Butterworth
<brandon@dd.eng.bbc.co.uk>, Richard Schultz <rich@ccrwest.org>.
------- =_aaaaaaaaaa1--
------- =_aaaaaaaaaa0--
From: Shingo Ichii <ichii@purple.kek.jp>
Real-Date: Tue, 07 Sep 1993 09:59:01 +0900
Subject: [infotalk,00362] Re: cacheing mechanism & free information
Message-Id: <199309070059.JAA13617@purple.kek.jp>
In message <9309061245.AA18408@seraph.ntt.jp> you write:
>
>実際に、「××は××に移ったんでリンクをアップデートしてね」みたいな
>のって良く見掛けますけど、これも自動化できないもんですかねえ。
こういうものは必要だと思う人はいるわけで、やっぱり Internet Draft で、
"Resource Transponders", C. Weider, 03/22/1993,
<draft-ietf-iiir-transponders-00.txt>
Although a number of systems have been created in the last several
years to provide resource location and navigation on the Internet, the
information contained in these systems must be maintained and updated
by hand. This paper describes an automatic mechanism, the resource
transponder, for maintaining resource location information.
というのがあります。アイディアだけで、そんなに細かいことが書かれている
わけではありません。RLS (Resource Location System) があることが前提で
す。昨日私は
> user interface (Gopher, WWW など) -> URN -> URL
>
>と mapping されていくわけです
と書きましたが、実は resource には resource transponder がくっついてい
て
user interface (Gopher, WWW など) -> URN -> URL
-> resource transponder + resource
という風に行くような絵が "A Vision of an Integrated Internet
Information Service" には描いてあります。
#他人の考えた話ばかりで恐縮ですが。
高エネルギー物理学研究所(KEK)
一井信吾