Question about IP's, proxies, etc

[Monkeyleg]

I have a question for which I can't seem to find the right answer by searching the internet. Unusual, I know.

If you use a proxy server for connecting to the internet, are FTP and telnet connection IP's also changed, or does the proxy server only connect your machine to internet sites and change the IP logged by those sites?

[GigaBuist]

I have a question for which I can't seem to find the right answer by searching the internet. Unusual, I know.

If you use a proxy server for connecting to the internet, are FTP and telnet connection IP's also changed, or does the proxy server only connect your machine to internet sites and change the IP logged by those sites?

A proxy can be used for HTTP (web) or for FTP, and in theory telnet but I've never seen a telnet proxy server before.  But, just because you have an HTTP proxy doesn't mean you have an FTP proxy in place.  They're different.  But if you're thinking a VPN where you tunnel into a different network entirely and then start accessing stuff you would probably see the IPs change for all request unless the person on the VPN client had mucked with tunneling rules.

This is difficult to answer without seeing the actual problem... but I'll keep going.

Can you proxy HTTP only? Yes.
Can you proxy FTP only? Yes.
Can you proxy HTTP and FTP?  Yes.
Can you proxy HTTP and not FTP? Yes.
Can you proxy HTTP and FTP and not telnet?  Yes.

[RevDisk]

I have a question for which I can't seem to find the right answer by searching the internet. Unusual, I know.

If you use a proxy server for connecting to the internet, are FTP and telnet connection IP's also changed, or does the proxy server only connect your machine to internet sites and change the IP logged by those sites?

Most often, APS sees me connecting from revdisk.org. Whether I'm on my phone, tablet, work PC or home PC. I set Firefox to send my traffic (HTTP and related DNS entries) through an SSH connection to my servers.

The term VPN is generally used for connecting all or specific traffic to another source and relaying it. Most VPNs redirect traffic only destined for the remote network through the tunnel. But one could redirect all traffic to the remote network.

A proxy server is near the same thing in theory but not in practice, but most commonly used when referring to a single or few number of protocols. Most proxy servers are single or few protocols, and optimized for their specific task.

You can funnel all traffic through a single protocol to a proxy server. You can VPN through a single protocol.

Yes, the IP address of the actual traffic is the proxy server or VPN device. Most devices or servers only see the new IP address. Within the traffic, you can sometimes or often find the actual source. This is called deep packet inspection. Sometimes people are careless. The biggest one is people who proxy their HTTP traffic, but not their DNS traffic.

There's also reverse proxies as well.   

Giga, telnet (and ssh, etc) proxies are more common for security testing or hacking. The simplest form is loading metasploit on an intermediate machine. But it's not exactly hard to set up iptables to forward packets.

[Monkeyleg]

Thanks for the replies. I didn't understand 75% of what either of you said, but thanks.

[RevDisk]

Thanks for the replies. I didn't understand 75% of what either of you said, but thanks.

Generally, people use proxy servers for surfing the web and that does change their IP.
People generally don't do so for FTP and telnet, but they can and it is not hard.

[GigaBuist]

Generally, people use proxy servers for surfing the web and that does change their IP.
People generally don't do so for FTP and telnet, but they can and it is not hard.

I've only ever seen an FTP proxy once and it was funny how that went down.  Our PDM system (bought, I didn't write it) used FTP to spread files to multiple geological locations so they'd be available for fast download.  Come one Monday morning the whole system is hosed and nobody knows why. Any upload to the system is denied with an error that the file already exists even though it doesn't exist.  And by "file" I mean "the software generated 100 unique names, tested them all, and then determined that EVERY SINGLE ONE was already used" -- so so that's a really weird error.

Turns out the PDM system used a rename call on an FTP server: rename (random) mything.txt and if that call returned an "OK" message it assumed (random) was already used so it tried another filename before uploading the actual document.  I tell my manger what's going on, he phones the help desk/network guys he used to work with and asks if they put in a transparent FTP proxy over the weekend.  Yep!  They did.  They turned it off right quick.

That was a fun morning.