Help, proxy server issue

Ecco

Ecco

Honorary Master
Joined
Jun 4, 2007
Messages
11,471
Reaction score
8,227
Guys,

Something on my machine is hitting the proxy server where i work and causing my account on the network to get locked out all the time.

I thought it might be virus, did a full scan, nothing picked up. I now installed Ad-Aware and am doing a full scan with that. So far, its clean.

How can i try and find out what is doing this? Any tools i can use?
 
take a TCP trace to ferret it out.

on PC use wireshark, OS X use little snitch, Linux use tcpdump.
 
you didnt type your credentials in to any app that needed internet access? is everything that shuold be working working? Its usually a case of something with automated logon having the wrong credentials for you and re-trying the whole time.
 
rurapente said:
you didnt type your credentials in to any app that needed internet access? is everything that shuold be working working? Its usually a case of something with automated logon having the wrong credentials for you and re-trying the whole time.
Click to expand...

Everything that should be working is working.

I may have type the credentials somewhere that is trying to login automatically, just dont know what that is. I want to try an figure out what is doing this, so i can switch it off, or update the credentials.
 
Find out what URL it's trying to get to & google that URL. That should hopefully tell you what it is
 
sjm said:
Find out what URL it's trying to get to & google that URL. That should hopefully tell you what it is
Click to expand...

Using wireshark (not really sure how just messing around) i see IE is trying to connect to urs.microsoft.com and its not authenticating through the proxy.

I think this mite be the issue. I have left IE closed and so far so good.
 
did your domain account expire? have you logged out and back in since?
 
catweasel said:
Using wireshark (not really sure how just messing around) i see IE is trying to connect to urs.microsoft.com and its not authenticating through the proxy.

I think this mite be the issue. I have left IE closed and so far so good.
Click to expand...

https://phishingfilter.microsoft.com/faq.aspx

It's the URL for ie7's phishing filter check,seems it can account for 100's of hits per browser session
 
The biggest culprit for this is on our network is Adobe Updater. The damn software steals credentials, and then never changes it, thus locking out your account when you change your password. Do the lockouts usually occur after reading a PDF or running some other Adobe app that you've noticed?

When the lockouts are occurring, check if you have a process running called Updater.exe, or might be AdobeUpdater.exe - I forget exactly.

Simple way to get rid of this is to kill the process, then go to C:\Program Files\Common files\Adobe and then delete the Updater* folder. Might be Updater5 or Updater6, depending on the version of Adobe products you have. Updater5 is notoriously bad though.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X