/maho/ - Magical Circuitboards

Advanced technology is indistinguishable from magic


File:1676152548427.png (634.97 KB,745x960)

 No.331

I've been researching computer networking and there are still areas which feel a little muddy to me. My basic understanding of how a computer network works is you have a computer (client), switch (optional), router. The client has an internal IP address which cannot be routed over the internet. So the client sends a packet to the router, destined for the internet, and the router uses NAT to translate the IP address to its external interface address, i.e. public address. Now you can access internet.

This is simple enough, but my question is when proxy servers come in. I've often seen people say "just use a proxy bro" and I'm left wondering how that would help. From my understanding, proxies (in this case I'm talking about forward proxies) are placed in the internal network, on the LAN side. What happens when a client requests a webpage would be something like this: CLIENT (192.168.1.1) requests kissu page > kissu page request goes through router/switch and forwards it to proxy server (192.168.1.2), proxy server handles kissu page request for CLIENT > proxy (192.168.1.2) forwards request for kissu to the router (192.168.1.254), router translates 192.168.1.2 to public IP address using NAT > kissu back to the router (public IP) > to the proxy server (192.168.1.2) > finally is handed off to CLIENT (192.168.1.1).

Maybe I'm completely wrong in this, but if the whole point of using a proxy was hiding your connection on the internet, isn't it useless? Because at every point your connection leaves the router, it's still using your public address, which is traceable by law enforcement. The only use I can see is that it would make it difficult to determine WHICH client on the LAN network was responsible for the kissu request. (Assuming you had a large number of devices on the LAN and a large number of people.) So why do people say you should use a proxy over a VPN?

Do correct me anywhere I am wrong, would love to learn more about the subject.

 No.332

File:[Gotch] Bocchi the Rock! -….jpg (292.59 KB,1920x1080)

Uhhhh... I don't really know this stuff. I think the main benefit of a proxy is the visible "endpoint" that most connections will see is the proxy and not your own bare IP. It adds some privacy to websites and other things because they're just going to see the IP connected and nothing else and most aren't going to care enough to investigate to see if it's legit. Proxy and VPN operators will of course see your IP and the people operating the infrastructure probably, too.
It's definitely not an invisibility cheat code, yeah, but I don't actually know the technical stuff.

 No.333

Ehhh? There are indeed internal proxies, but proxy servers are external services? Can you clarify?

 No.334

What exactly do you plan to hide, anyway? The usefulness of proxies (even external ones) depends on your goal.
Your connection to the internet will always be known to some middlemen, so just "leet hacker invisibility" or however you would express it is not a realistic goal. Most VPN providers in fact can be relied upon to sell you out to law enforcement (VPNs are proxy servers).

 No.335

bocchi the gach'

 No.336

There are different kinds of proxies. Forward proxies are usually used in controlled environments like corporate networks. Reverse proxies are used to host different kinds of services on the same network and expose them to another LAN or the Internet.

>but if the whole point of using a proxy was hiding your connection on the internet, isn't it useless?
It depends on what you mean by "hiding your connection".
You're right, forward proxies won't make you anonymous on Internet (or even on a LAN because the sysadmin knows who's using the connection since it usually requires authentication). On a LAN though, forward proxies can be configured to be privacy-respecting: the admin knows who you are but won't know what you do (but it's rare and usually defeats some corporate goals). Just keep in mind that anonymity is different from privacy.

>So why do people say you should use a proxy over a VPN?
Proxy is a generic term. Like >>334 said, using a proxy or a VPN depends on what you want to do. For example, Tor acts as a SOCKS5 proxy which can be used in a browser. I strongly recommend that you define your threat model before thinking about technical solutions and particular tools: what do you want to protect, from whom, etc. Proxies and VPNs can be hard to understand but NAT traversal solutions are pure wizardry from my pov.

>>334
>Your connection to the internet will always be known to some middlemen, so just "leet hacker invisibility" or however you would express it is not a realistic goal. Most VPN providers in fact can be relied upon to sell you out to law enforcement (VPNs are proxy servers).
That's why you usually cut most middlemen, host or self-host. An OpenVPN server hosted on a cheap VPS and configured to avoid keeping any logs is a good recommendation: you know the VPN provider won't sell you out because you set it up yourself.

 No.337

File:1712444957010.png (1.83 MB,1077x1380)

dumb sex

 No.338

Sorry if my post came across as dumb. I guess I should have added the context that I was told to just "make my own proxy server" if I wanted privacy online. But that doesn't make sense to me because if I made my own proxy, it would be on the internal side and would be useless.

>>332
In my case, that wouldn't happen. The visible IP would be the public IP address after it leaves the router.

>>333
>>336
>>334
I was under the impression proxies and VPNs were different things. If that's not the case and a VPN is just an external proxy, then I get confused as to why I'll sometimes see someone saying you should ditch proxies for vpns... especially if they're basically the same thing.

Also I'm not trying to hide anything, just trying to grasp this stuff in my head. I think I have a better understanding now, but I have a really hard time articulating anything because I'm tard.

 No.339

dumb articulatard

 No.340

File:IMG_3556.jpeg (149 KB,1079x1061)

The most viable modern use case for proxies I can think of is for circumventing geolocation restrictions.

 No.341

>>338
A VPN is a socket that takes over your entire network routine. Proxies tend to act on individual applications as you pass traffic through them. So you could buy a VPS server and squidproxy on it and run all your traffic through it.

Kissu does this for the URL uploading since we want the server IP to remain anonymous, yet still let it access pages to retrieve images.

 No.342

>>336
>An OpenVPN server hosted on a cheap VPS and configured to avoid keeping any logs is a good recommendation: you know the VPN provider won't sell you out because you set it up yourself.
It's actually more dangerous as long as the VPS account is linked to payment details. It's easy to get this from the VPS IP. The whole point of VPN is to "hide in the swarm" since the IP is shared by many users giving plausible deniability when the VPN doesn't keep logs, and self hosting is worse than VPNs since you're the only user of it.
The only way to handle this is to find a VPS provider which accepts crypto as payment, and make sure that the crypto used is self-mined or sufficiently laundered.

 No.343

>>342
>It's actually more dangerous as long as the VPS account is linked to payment details.
I supposed it was paid with Monero.
>The whole point of VPN is to "hide in the swarm" since the IP is shared by many users giving plausible deniability
It's not. If you want to do that (anonymity), use Tor with The Tor Browser to avoid fingerprinting. The solution I proposed is fine if you want privacy.
>The only way to handle this is to find a VPS provider which accepts crypto as payment, and make sure that the crypto used is self-mined or sufficiently laundered.
If you pay with Monero, you don't have to worry about these issues.

 No.344

>>343
>If you want to do that (anonymity), use Tor with The Tor Browser to avoid fingerprinting.
Bad advice. Tor is so much less popular than VPNs that it's possible to monitor all connections to the Tor network in a region and use the timing information to track you down. The FBI already used this technique with success, I remember there was a news article about a college student who was caught this way.
You want at least VPN+Tor.

 No.345

>>344
They are both useless against a state level actor or telecom company (same thing) because they control all the servers and end points.

>>331
>The client has an internal IP address which cannot be routed over the internet.
The IP of your computer can route directly to the internet if you want. This is how the default config for ISPs that switched to IPv6 works (every device has a unique address). Most ISPs still use IPv4+NAT due to limited address space (not really, more later) and the fact that it's a cheap firewall.

> I've often seen people say "just use a proxy bro" and I'm left wondering how that would help.
When people are telling you to use a proxy they're talking about something like this:

Your PC -> Your router -> Your ISP modem -> proxy server -> some website

The Proxy is OUTSIDE of your LAN and the website can't see the real destination IP address. This is basically the set-up most people are using with VPNs and Tor.

Websites use what is called a reverse proxy to hide the server's IP address from all clients. Thus mitigating some attack vectors like DDoS. Until the 2010s most websites were operating in such a way that everyone knew the real IP address of the server. But then large botnets started DDoS-ing everything and demanding ransom. This was mainly used to get most popular websites into anti-DDoS services like Cloudflare. Which perform a man-in-the-middle attack by keeping a copy of the TLS certs and pretending to be the destination webserver. This allows for such services to both censor and snoop upon traffic in real time. This method causes less bad press than the way they were doing it before at the ISP level. They're still doing it at the ISP level of course. But it isn't talked about as much anymore.

See: https://en.wikipedia.org/wiki/Room_641A
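
[Added example, not part of any post in this thread] A simplified Python model of the three paths discussed above (direct NAT, the LAN-side proxy from the opening post, and the external proxy from >>345), recording which source and destination address each party sees. The node names and the non-LAN addresses are constructed placeholders from documentation ranges, and the model assumes each NAT or proxy hop simply replaces the source address.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses: LAN values are from the opening post; the rest are
# documentation-range placeholders, not real hosts.
CLIENT = "192.168.1.1"
HOME_PUBLIC = "203.0.113.7"     # router's WAN address after NAT
PROXY_PUBLIC = "198.51.100.20"  # proxy rented outside the LAN
SITE = "192.0.2.80"             # the website being requested

@dataclass(frozen=True)
class Node:
    name: str
    listen: Optional[str] = None  # set if the node terminates connections
    egress: Optional[str] = None  # set if the node rewrites the source address

ROUTER = Node("router", egress=HOME_PUBLIC)  # NAT only
ISP = Node("isp")                            # forwards packets unchanged
WEBSITE = Node("website", listen=SITE)
LAN_PROXY = Node("lan_proxy", listen="192.168.1.2", egress="192.168.1.2")
EXT_PROXY = Node("external_proxy", listen=PROXY_PUBLIC, egress=PROXY_PUBLIC)

TOPOLOGIES = {
    "direct": [ROUTER, ISP, WEBSITE],
    "lan_proxy": [LAN_PROXY, ROUTER, ISP, WEBSITE],
    "external_proxy": [ROUTER, ISP, EXT_PROXY, WEBSITE],
}

def observe(path, client_ip=CLIENT):
    """Return {node name: (src, dst)} for the packet as it arrives at each node."""
    views, src = {}, client_ip
    for i, node in enumerate(path):
        # On the wire, the destination is the next node that terminates the connection.
        dst = next(n.listen for n in path[i:] if n.listen)
        views[node.name] = (src, dst)
        if node.egress:
            src = node.egress  # NAT or proxy: later hops see this address instead
    return views

def summarize(path):
    """Condense a path into what the site sees, what the ISP sees, and who learns the home IP."""
    views = observe(path)
    return {
        "website_sees": views["website"][0],
        "isp_sees_dst": views["isp"][1],
        "knows_home_ip": sorted(n for n, (s, _) in views.items() if s == HOME_PUBLIC),
    }

if __name__ == "__main__":
    for name, path in TOPOLOGIES.items():
        print(name, summarize(path))
```

The LAN-side proxy gives the same summary as no proxy at all, while the external proxy only moves knowledge of the home address from the website to the proxy operator; the ISP sees it in every case.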

 No.346

>>345
>Most ISPs still use IPv4+NAT due to limited address space (not really, more later)
Forgot my "more later". We've "run out" of IPv4 addresses because certain companies bought large blocks of the address space very early and squatted on them. If they would release these for public use we'd have more than enough to go around. At least enough for every home and business to have one public facing IP address in the v4 space. Really each could have multiple addresses but the exact details aren't important.

The move to IPv6 is mostly about being able to track each device on each LAN. Since the name of the game these days is spying and collecting as much data as possible. They don't like the fact that the last mile LANs are beyond their reach if the network admin running them configures things a certain way.

This is one reason why most ISPs have switched to router+modem combos where the customer can no longer configure the device. It also allows them to sell services like "wifi anywhere". Where another customer can access the internet through your modem/router using their own account. In addition, it gives them more strict control over what kind of traffic can flow over the modem. Thus preventing you from running a home server. Instead of simply configuring your own router to route traffic over a certain port to devices on your own network you now have to pay your ISP a large fee each month for the privilege.

If you want to know more about how networking works I suggest taking advantage of a basic intro to networking course through YouTube or one of the free college courses. It isn't very hard to grasp what's happening with a weekend of study. You might also try messing around with Wireshark for an afternoon and monitoring the data flowing over your own LAN.

 No.347

>>346
>If they would release these for public use we'd have more than enough to go around.
Most of them did. Only 5 companies are still on "class A" legacy assignment and 2 of them are ISPs, so that leaves 3. The US military reserves far more IP addresses than any of these.
https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
>>345
>they control all the servers and end points
Only end points really matter because of encryption which is the part they have the least control of.

 No.348

>>347
>Only end points really matter because of encryption which is the part they have the least control of.
I have some bad news for you...

>US military
Private company. Just the blocks companies like Google and Microsoft are sitting on unused would keep things going for many years to come. IPv6 itself is a garbage standard for many reasons. Mainly because it isn't readable to a human like v4. They could have extended the address space by simply adding another decimal point and things would have been fine for the foreseeable future.

The default config for most IPv6 ISPs is hilariously bad. My ISP has been converting over lately and forced my LAN on to IPv6 one night with a firmware update. Within minutes I had bots from all over the internet attempting to log in to every device on my network. My home media server was sending data over the internet and then back to my set-top device under a television in the same room. All behind my back.

After that experience I invested in a proper router and bought my own modem too. ISP wiped out my entire config behind my back for no reason because I got lazy and used their router instead of my own. Now my LAN is segregated from the rest of the world as much as humanly possible. ISP just straight up by-passed my firewall with one simple config file that they didn't disclose to customers. They had backdoor access to everyone's network even when it was supposed to be turned off and they promised to never do anything like that.

I'm worried they will take away my ability to use my own modem soon. Their latest modems do not allow you to log in and they've already removed 2 of the former 5 approved devices from the list of modems you can run on their network. Just getting my modem approved took multiple calls to the ISP and no one was trained to deal with the request. If I change the MAC address of the modem I'll have to go through that all over again. Last Christmas they "forgot" I had my own device and sent a tech out unannounced to install their new modem. I wouldn't let him in the house. He claimed they'd shut off my service if I didn't but in the end I won that battle. But I fear I'll be losing the war.

 No.349

>>348
>I have some bad news for you...
You're saying they have less control over routing devices directly in the hands of ISPs than the endpoints? Bullshit.
>They could have extended the address space by simply adding another decimal point and things would have been fine for the foreseeable future.
This just shows you don't have a dime of knowledge about computer programming and system interoperability, and you have zero understanding on why IPv6 adoption is so slow. Your idea is no better than IPv6.
The rest of your post is the usual technobabbling typical of /g/ spinoffs. Comments like
>The move to IPv6 is mostly about being able to track each device on each LAN.
Shows you have less than a shallow knowledge of networking. Public accessible LAN is not a unique property of IPv6, and I have personally used such an IPv4 network before.

 No.350

>>344
>Tor is so much less popular than VPNs that it's possible to monitor all connections to the Tor network
Ok? All Tor browsers are configured the same though so it's easier to blend inside a Tor user swarm. Remember that all Tor nodes' IP addresses are public though.
>I remember there was a news article about a college student who was caught this way.
Don't spread FUD please. The guy was convicted because he confessed, not because of Tor itself.
>You want at least VPN+Tor.
You can do that if you want but it adds another layer of complexity.

 No.352

>>349
>You're saying they have less control over routing devices directly in the hands of ISPs than the endpoints? Bullshit.
I'm saying your encryption doesn't matter when you're using a CPU known to have multiple backdoors and a random number generator that isn't truly random.
>This just shows you don't have a dime of knowledge about computer programming and system interoperability, and you have zero understanding on why IPv6 adoption is so slow. Your idea is no better than IPv6.
I'm pretty sure I've spent more time in a classroom and the real world than you. But I didn't insult you like you chose to insult me. Which is pretty much your M.O. any time you disagree with someone.

Any system that is not both readable and easy to quickly traverse by a human is a flawed system. Which is exactly why we told everyone IPv6 was a bad idea over 25 years ago. It's also why we're 25 years past initial roll out and it's still not being used anywhere that matters. Maybe if you dealt with IPv6 -> IPv4 networking regularly you'd understand why it's stupid and not deployed widely. You'd also understand why having every device in a customer's home _DIRECTLY CONNECTED AND PINGABLE FROM THE GLOBAL WAN_ is a _really_ bad idea. Hence why ISPs continue to rely on NAT. Since it's a cheap effective firewall that the customer doesn't turn off without going through multiple steps. Access that's being taken away from most customers now because 99% have no idea what they're doing. Which is making the lives of the 1% that know much worse in the process.

>Shows you have less than a shallow knowledge of networking. Public accessible LAN is not a unique property of IPv6, and I have personally used such an IPv4 network before.
Yeah you can expose a computer directly to the WAN on any IP network. The difference is in IPv6 it's the DEFAULT.

>>350
Again. If you expect privacy and security on a network controlled by the Government and some "private companies" known to hand over information without a warrant you're in for a bad time. You are no more protected on VPN/Tor than you are directly connecting from someone. The only difference is now instead of your ISP knowing everything you do, 2-3+ other parties are monitoring the traffic and can be compelled to hand over the logs to law enforcement/Government/copyright mafia/whoever.

The amount of bad advice being peddled as security is mind boggling. It's the same thing with private trackers. You dox yourself for access. Like some NEET in his mother's basement isn't going to hand over the logs and everyone's information the moment he's asked to do so. Not that he even owns the server. He's simply renting it from someone else. Who can hand over the data any time they want. Again the encryption doesn't matter when every consumer CPU on the market has multiple known backdoors and the makers openly admit that an entire OS is running at all times that you cannot access yourself even when it's "shut down".

What happened to IT? This used to be common knowledge. Now any time it's brought up a bunch of experts flood into a thread no matter where it is on the internet and start throwing around insults like "schizo" and saying things like "you're just paranoid" and "no one cares about you because you're not important". Sure they don't care about what I'm doing. That's why there is a multi-billion dollar industry built solely around capturing a copy of every packet flowing over the internet.

I for one am sick of these people.



