SecureSOCKS5 BNTC Software


  • Full support of RFC 1928 (SOCKS Protocol Version 5) except of GSSAPI authentication and IP V6
  • Secure relay (obeying firewall rules) of TCP and UDP connections
    (UDP connections do not work for SOCKS5 clients in ISA Server 2004/2006, see known issues below)
  • Username/Password authentication (RFC 1929) by using Windows AD accounts
  • Support of clients behind NAT
  • High-performance connection processing
  • Many useful customizable parameters
  • Thoroughly tested in real environment with hundreds of users

SecureSOCKS5 has set of customizable options that can be adjusted in filter's property page.

SecureSOCKS5 has rich set of customizable options!

Description of SecureSOCKS5 settings

  • SOCKS 5 port - SOCKS 5 control channel TCP port. Default is 1080.
  • Auto configure - Reset all settings to default recommended values. If you unsure what means each parameter then leave this box checked.
  • Firewall external address - Used in bind operations for external sockets. If left empty then external sockets will accept incoming connections/datagrams on any local interface.
  • Authentication domain - Used if client hasn't specified domain in his username. If empty then local domain is used.
  • Deny connections to LAT addresses - Check to deny connections to LAT addresses through SOCKS 5 proxy. (Only exists in SecureSOCKS5 for ISA Server 2000.)
  • Client IP address can vary within session - Check to support clients located behind a Network Address Translation (NAT) device with pool of addresses, that is their IP address can vary within session. If not checked it is assumed that client IP is permanent.
  • Allow TCP bind operation without preliminary connect - Check to allow TCP BIND requests without preliminary CONNECT requests to the same server. This is wanted by some types of applications with complex connection scenarios.
  • Accept connections from any address - Check to ignore address specified in TCP BIND requests and to accept connections from any address.
  • Always try to use client port for UDP connections - Check if you want proxy always tried to bind UDP socket to port that client had bound on his machine regardless of whether USECLIENTSPORT flag is set or not.
  • Negotiation timeout - Time limit for authentication with the SOCKS 5 server and connection establishment with the remote server.
  • TCP idle timeout - TCP connection terminated if it idles (no data transferred) for specified time limit.
  • UDP idle timeout - UDP connection terminated if it idles (no data transferred) for specified time limit.
  • Enable logging to file - Defines whether to write detailed connections log.

In addition, SecureSOCKS5 for ISA Server 2004/2006 has Networks tab where you can specify networks from which SOCKSv5 requests are accepted.

On Authentication tab you can disable authenticatioin for some clients. SOCKS5 client requests from the specified addresses will not be asked for authentication. You may want to add some addresses to avoid appearing of authentication requests on SOCKS5 clients. Remember that you should allow anonymous access for these clients in ISA Server access rules, otherwise their requests will be denied.

Known issues

  • ISA Server does not show account names of SOCKS5 clients neither in ISA Server 2000 nor in ISA Server 2004/2006 for now (they are showed as empty user names in session monitoring and in logs). Anyway, all policy rule checks behave correctly.
  • Username/Password authentication protocol (RFC 1929) is not secure because it sends users passwords in clear text, so use of authentication for SOCKS5 clients is not recommended for environments where "sniffing" is possible and practical.
  • UDP connections do not work for SOCKS5 clients in ISA Server 2004/2006. This is because of problems in ISA Server 2004/2006. This problem do not exist in ISA Server 2000. TCP connections work well in any version of ISA Server.

Latest news

Sep 8, 2006
New versions of SecureSOCKS5 released, added support for Microsoft ISA Server 2006.

Dec 19, 2005
BNTC Software releases Bandwidth Splitter v.1.01 for ISA Server 2000.

Jul 6, 2005
New price for SecureSOCKS5 for ISA Server 2004 - now only $95.

Jul 6, 2005
New versions released that fix issues related to behaviour of some UNIX clients.

Apr 29, 2005
SecureSOCKS5 now supports ISA Server 2004 Enterprise Edition!

Mar 24, 2005
Non-critical updates released for both versions of SecureSOCKS5.

Jan 19, 2005
SecureSOCKS5 for Microsoft ISA Server 2004 released.

Jan 13, 2005
SecureSOCKS5 for Microsoft ISA Server 2000 updated to version 3.01 with minor fixes.

Nov 9, 2004
New price for SecureSOCKS5 for ISA Server 2000 - now only $95.

Sep 20, 2004
SecureSOCKS5 for Microsoft ISA Server 2000 released.

Last updated: September 18, 2006.
Copyright © 2004-2006 BNTC Software. All rights reserved.