WAIS indexes large text databases so that they can be searched efficiently by simple keywords or more complicated Boolean expressions. For example, you can ask for all the documents that mention "firewalls" or all the documents that mention "firewalls" but don't mention "fire marshals". (You might do this to make sure you don't get documents about literal firewalls.) WAIS was originally developed at Thinking Machines as a prototype information service and, for a while, was widely used on the Internet for things like mailing list archives and catalogs of various text-based information (library card catalogs, for example). It is now much more common for people to provide search engines on web pages using CGI, instead of using WAIS directly as an access protocol. Some web browsers will speak the WAIS protocol, but WAIS servers are quite rare these days.
It is unlikely that you will ever want to run a standalone Gopher or WAIS client. Using the support for these protocols that is built in to a web browser adds no additional risk to the risks already posed by HTTP.
You are also unlikely to run a WAIS server, but you might run a Gopher server. Gopher servers present the same basic security concerns as the servers for all of the other common Internet services, such as FTP and HTTP: Can attackers use this server to access something they shouldn't? This is a particularly pressing problem on the Gopher server included as part of IIS, since many sites do not pay much attention to it, and may accidentally leave data where the Gopher server can read it. If you do not intend to run Gopher, turn it off; if you do intend to run it, be sure that it can read only information that you intend to make public.
For servers, you have to worry about what a malicious client can trick you into running. Like HTTP servers, some Gopher servers use auxiliary programs to generate Gopher pages on the fly. Gopher servers are therefore susceptible to the same kinds of problems as HTTP servers:
Direction | Source Addr. | Dest. Addr. | Protocol | Source Port | Dest. Port | ACK Set | Notes |
---|---|---|---|---|---|---|---|
In | Ext | Int | TCP | >1023 | 70[53] | [54] | Request, external client to internal server |
Out | Int | Ext | TCP | 70[53] | >1023 | Yes | Response, internal server to external client |
Out | Int | Ext | TCP | >1023 | 70[53] | [54] | Request, internal client to external server |
In | Ext | Int | TCP | 70[53] | >1023 | Yes | Response, external server to internal client |
[53] 70 is the standard port number for Gopher servers, but some servers run on different port numbers.
[54] ACK is not set on the first packet of this type (establishing connection) but will be set on the rest.

WAIS is a TCP-based service. WAIS clients use random ports above 1023. WAIS servers usually use port 210, but sometimes don't; see the discussion of nonstandard server ports earlier, in the section on HTTP.
Direction | Source Addr. | Dest. Addr. | Protocol | Source Port | Dest. Port | ACK Set | Notes |
---|---|---|---|---|---|---|---|
In | Ext | Int | TCP | >1023 | 210[55] | [56] | Request, external client to internal server |
Out | Int | Ext | TCP | 210[55] | >1023 | Yes | Response, internal server to external client |
Out | Int | Ext | TCP | >1023 | 210[55] | [56] | Request, internal client to external server |
In | Ext | Int | TCP | 210[55] | >1023 | Yes | Response, external server to internal client |
[55] 210 is the standard port number for WAIS servers, but some servers run on different port numbers.
[56] ACK is not set on the first packet of this type (establishing connection) but will be set on the rest.
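
The Gopher and WAIS tables above can be read as a stateless rule check. The following is an added example, not part of the original text; the 10.0.0.0/8 internal range, the sample addresses, and all names in the code are assumptions. It shows what the "ACK Set" column is for: a packet arriving from source port 70 is accepted only as a reply, never as the first packet of a new connection.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: your internal range
GOPHER_PORT, WAIS_PORT = 70, 210                   # standard ports from the tables

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", as seen at the filtering router
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    ack: bool

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET

def table_rules(port):
    """The four table rows as (direction, source is internal, source-port test,
    destination-port test, ACK required, note)."""
    high = lambda p: p > 1023
    svc = lambda p: p == port
    return [
        ("in", False, high, svc, False, "request, external client to internal server"),
        ("out", True, svc, high, True, "response, internal server to external client"),
        ("out", True, high, svc, False, "request, internal client to external server"),
        ("in", False, svc, high, True, "response, external server to internal client"),
    ]

def evaluate(pkt, port):
    """Return the note of the first matching row, or None (default deny)."""
    if pkt.proto != "tcp":
        return None
    for direction, src_int, sport_ok, dport_ok, need_ack, note in table_rules(port):
        if (pkt.direction == direction
                and is_internal(pkt.src) == src_int
                and is_internal(pkt.dst) != src_int
                and sport_ok(pkt.sport) and dport_ok(pkt.dport)
                and (pkt.ack or not need_ack)):
            return note
    return None

# Constructed sample packets (not captured traffic).
EXT, INT = "203.0.113.5", "10.0.0.8"
reply = Packet("in", EXT, INT, "tcp", 70, 40000, ack=True)
inbound_open = Packet("in", EXT, INT, "tcp", 70, 40000, ack=False)
for name, pkt in [("reply", reply), ("inbound_open", inbound_open)]:
    print(name, "->", evaluate(pkt, GOPHER_PORT) or "DENY")
```

Passing `WAIS_PORT` instead of `GOPHER_PORT` evaluates the same packets against the WAIS table; a server on a nonstandard port needs its own port value.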
In the unlikely event that you wish to use some other Gopher client, the TIS FWTK http-gw proxy server can serve Gopher as well as HTTP. SOCKS does not include a modified Gopher client, but Gopher clients are, in general, not difficult to modify to use SOCKS; many of the Gopher clients freely available on the Internet support SOCKS as either a compile-time or runtime option.
As a straightforward single-connection protocol with plenty of user-specified information, WAIS lends itself to both modified-client and modified-procedure proxying. SOCKS support is commonly available in standalone WAIS clients.
Use a web browser such as Internet Explorer or Netscape Navigator for your Gopher and WAIS clients, rather than using dedicated clients.