
CmderTaco's Journal: Can you trust proxies?
As you remember, I recommended using your ISP proxy, so people won't be able to find your IP and abuse it and stuff.
So today I created a new account for myself (wanted to make a fresh new start). And look what was in the email I received from Slashdot:
In case you get multiple emails you didn't request,
the requester's IP was [my proxy address].
Its User-Agent was "Mozilla/5.0 (bla bla bla)"
(not that you should trust that value, but it might be interesting).
In case that's a properly-configured proxy,
the value of its X-Forwarded-For header was "X.X.X.X" (MY address!) --
but don't trust that value unless you know a reason to (we don't).
Notice the X.X.X.X. It contained MY IP! The proxy, which I trusted so much, appears to happily surrender my IP address.
So... it means that you can't trust proxies. I guess that I'll need to install some firewall now...
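What the receiving web server sees in this situation, as an added example that is not part of the original journal entry and is not Slashdot's code: it parses a request relayed by a forwarding proxy, lists the client addresses the proxy disclosed, and marks them as unverified unless the connecting peer is a proxy the server operator knows. The sample request, all addresses and host names, and the function names are constructed for illustration.

```python
import ipaddress
# Headers a forwarding proxy may add that can carry the client's own address.
DISCLOSING = ("x-forwarded-for", "forwarded", "x-real-ip")

# Constructed sample: proxy at 198.51.100.7 relaying for a user at 203.0.113.45.
SAMPLE_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: example.org\r\n"
    "Via: 1.1 proxy.isp.example\r\n"
    "X-Forwarded-For: 203.0.113.45\r\n"
    "\r\n"
)

def parse_headers(raw_request):
    """Map lower-cased header names to values for a raw HTTP/1.x request."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:   # skip the request line
        if not line:                             # blank line ends the headers
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def disclosed_addresses(headers):
    """Return every syntactically valid IP found in the proxy-added headers."""
    found = []
    for name in DISCLOSING:
        for token in headers.get(name, "").replace(";", ",").split(","):
            token = token.strip()
            if token.lower().startswith("for="):  # RFC 7239 "Forwarded: for=..."
                token = token[4:]
            token = token.strip('"[]')
            try:
                found.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue                          # e.g. "unknown", "proto=http"
    return found

def assess(peer_ip, raw_request, trusted_proxies=frozenset()):
    """Report what the server learns, and whether it may rely on it."""
    headers = parse_headers(raw_request)
    addrs = disclosed_addresses(headers)
    return {
        "peer": peer_ip,                          # address of the TCP connection
        "proxy_detected": bool(addrs) or "via" in headers,
        "disclosed": addrs,
        # Any client can forge this header; it counts only from a known proxy.
        "trustworthy": bool(addrs) and peer_ip in trusted_proxies,
    }
```

Calling `assess("198.51.100.7", SAMPLE_REQUEST)` reports the proxy as the peer and the user's address under `disclosed`, which is the pair of values quoted in the email above.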
Firewall won't help (Score:1)
If you use a proxy, I will see the IP of the proxy. However, since this is email (sent through the proxy), it can add lines X-(Anything) with extra information. Just happens to be a fact that it sends your real IP. Bad luck.
My questions are mainly: why in the world weren't you running a firewall in the first place and why in the world are you so scared that someone finds your IP address. Next time you dial in you get another one anyway. Even DSL/Cable connections switch IP address about every week *and* you can force it to do so. (Of course, you get addresses in the netblock of your ISP, so one can easily find out the ISP).
Re:Firewall won't help (Score:1)
I have tested personal firewalls, and they are indeed a bitch to set up because in the beginning they will ask you every 5 seconds if you want to do this or that. However, after two or three evenings they shut up because they know about your preferences.
So keep your system up to date, firewall yourself and keep your antivirus current (if you *must* run Windows). Then your risk is very low. Besides, Foyodor must have found out the IP of Sdem some other way. I mean, it's not as if he can read slashdot logs. It's enough to use ICQ, AIM or any other chat program to find those out. Those won't use a proxy typically. Most proxies just allow port 80 activity.
But hey, do whatever you want. I'm feeling pretty secure with my setup.