Stops filtering - mozerd - Feb. 04, 2006 02:18 PM
As of today -- February 4 2006 -- my Proxo -- using either of sidki's configs [sidki_2005-06-09.ptron or sidki_2006-01-09.ptron] is ineffective in blocking a huge host of crap from http://ragingbull.lycos.com/*
Anybody know what new tricks lycos may be using to successfully bypass my Proxo?
[edit] OOPS -- sorry --- LOOKS like something happened to my Proxo engine. I deleted it then I re-installed Proxo with sidki's latest [sidki_2006-01-09.ptron beta] re-inserted my bypass list and --- everything is back to normal. Not sure why I had to do this but it is apparent that somehow my prior installation of proxo became corrupted I suspect. What clued me into this possible corruption is that many other sites I visit TODAY also were displaying their crap ? so stating fresh was my alternative to see if that would solve the issue ? and it did.
- mozerd - Feb. 20, 2006 04:19 PM
OK I am having problems with the Prox.
I have now re-installed it 5 times over the last month and each time it works until I reboot the computer [WinXP Pro/SP2] then the Prox just stops filtering.
I have reverted to my old standby for add blockers called AddSubtractPro [Intermute] and that is working just fine BUT the Prox provides far more granularity of control and I would like to get back to using it.
Anyone experience this type of behavior? I'm thinking that it may be a winsock issue but then if that was the case AddSubtractPro would also exhibit the same type of behavior. I am hoping that someone here can provide me with some tips. Thanks.
- mozerd - Feb. 24, 2006 11:36 AM
I may have found out why Proxo has stopped filtering -- it may have to do with a new Anti Spy ware application I recently installed called Defender [beta 2] .. this is the replacement application Microsoft initially called Microsoft AntiSpyware.
In Defender I have not as yet found an option that allows Programs like Proxo to run. Anyone here use Defender and Proxo successfully?
- mozerd - Feb. 27, 2006 12:18 PM
Apparently it not Defender. Apparently the issue is somehow tied into port 8080 .. and I'm not sure why ???
- mozerd - Mar. 03, 2006 01:52 PM
This issue has me currently stumped. What bothers me is that AddSubtract Pro {interMute] does work on all my WinXP Pro/SP2 fully patched systems.
So why would the Proxomitron fail to work?
I did some work on this. I did a fresh install of WinXP/PRO/SP2 but did not allow any of the Microsoft security updates to load. I then installed the Proxomitron and it worked perfectly.
Then I proceeded to allow Windows Update to go ahead with the security updates -- 41 updates in total and in succession -- after the system rebooted the Proxomitron failed to work; so obviously one of those updates is messing up how the Proxomitron is redirecting traffic at whatever Port I use --- I tried port 8080, 8082, 4444. OK so I remove the Proxomitron, disable the proxy settings in IE reboot the computer and then install AddSubtract Pro and it works without issues. This is really annoying.
- ProxRocks - Mar. 03, 2006 02:04 PM
just how many programs do you have installed that listen in on port 80?
- mozerd - Mar. 03, 2006 03:47 PM
Outside of IE and the Proxy server the only other apps that may hit port 80 is Spy Sweeper and eTrust EZ-AntiVirus.
OK Here is a TCPview which is similar to doing a NETSTAT -ANO except that TCPview actually shows the name of the application and the port:
Code:
Port Protocol Local address Remote Address State
[System Process]:0 TCP stat1:1135 localhost:1710 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1662 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1727 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1645 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1728 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1712 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1696 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1709 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1725 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1665 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1649 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1697 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1713 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1647 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1692 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1693 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1715 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1651 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1667 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1659 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1684 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1716 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1653 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1669 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1654 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1686 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1702 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1670 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1643 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1706 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1639 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1687 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1720 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1704 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1690 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1657 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1641 TIME_WAIT
[System Process]:0 TCP stat1:1135 localhost:1705 TIME_WAIT
[System Process]:0 TCP stat1:1660 localhost:1135 TIME_WAIT
[System Process]:0 TCP stat1:1699 localhost:1135 TIME_WAIT
[System Process]:0 TCP stat1:1652 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1655 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1656 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1658 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1661 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1663 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1664 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1666 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1668 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1671 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1672 advanced.nac.net:http TIME_WAIT
[System Process]:0 TCP stat1:1677 core-04-gig-hz-146.hostingzero.com:http TIME_WAIT
[System Process]:0 TCP stat1:1701 core-04-gig-hz-146.hostingzero.com:http TIME_WAIT
AdSub.exe:920 TCP stat1:1135 stat1:0 LISTENING
AdSub.exe:920 TCP stat1:1135 localhost:1721 ESTABLISHED
AdSub.exe:920 TCP stat1:pptp core-04-gig-hz-146.hostingzero.com:http ESTABLISHED
AdSub.exe:920 TCP stat1:1135 localhost:1563 FIN_WAIT2
alg.exe:1872 TCP stat1:1029 stat1:0 LISTENING
CAVTray.exe:1260 TCP stat1:1030 localhost:1026 ESTABLISHED
CAVTray.exe:1260 TCP stat1:1034 localhost:1025 ESTABLISHED
DkService.exe:1264 TCP stat1:31038 stat1:0 LISTENING
IEXPLORE.EXE:1336 TCP stat1:1561 localhost:1135 CLOSE_WAIT
IEXPLORE.EXE:1336 TCP stat1:1563 localhost:1135 CLOSE_WAIT
IEXPLORE.EXE:1336 UDP stat1:1369 *:*
IEXPLORE.EXE:3664 TCP stat1:1721 localhost:1135 ESTABLISHED
IEXPLORE.EXE:3664 UDP stat1:1180 *:*
iSafe.exe:1228 TCP stat1:1025 stat1:0 LISTENING
iSafe.exe:1228 TCP stat1:1026 stat1:0 LISTENING
iSafe.exe:1228 TCP stat1:1025 localhost:1034 ESTABLISHED
iSafe.exe:1228 TCP stat1:1025 localhost:1027 ESTABLISHED
iSafe.exe:1228 TCP stat1:1025 localhost:1051 ESTABLISHED
iSafe.exe:1228 TCP stat1:1026 localhost:1028 ESTABLISHED
iSafe.exe:1228 TCP stat1:1026 localhost:1030 ESTABLISHED
lsass.exe:580 UDP stat1:isakmp *:*
lsass.exe:580 UDP stat1:4500 *:*
MailWasher.exe:1408 TCP stat1:1051 localhost:1025 ESTABLISHED
mysqld-nt.exe:1304 TCP stat1:3306 stat1:0 LISTENING
svchost.exe:808 TCP stat1:epmap stat1:0 LISTENING
svchost.exe:876 UDP stat1:ntp *:*
svchost.exe:876 UDP stat1:ntp *:*
svchost.exe:992 UDP stat1:1900 *:*
svchost.exe:992 UDP stat1:1900 *:*
System:4 TCP stat1:microsoft-ds stat1:0 LISTENING
System:4 TCP stat1:netbios-ssn stat1:0 LISTENING
System:4 UDP stat1:microsoft-ds *:*
System:4 UDP stat1:netbios-ns *:*
System:4 UDP stat1:netbios-dgm *:*
VetMsg.exe:1680 TCP stat1:1027 localhost:1025 ESTABLISHED
VetMsg.exe:1680 TCP stat1:1028 localhost:1026 ESTABLISHED
- mozerd - Mar. 03, 2006 04:13 PM
Soory about the mess above
- ProxRocks - Mar. 03, 2006 05:32 PM
now, can we get the TCPview for when you are running Proxo and with AdSubtract turned "off"?
just curious to see that if AdSub is truly "off" when Proxo is running...
or if AdSub is still intercepting port activity via some system level "service"...
ps - does eTrust AntiVirus need to be told to "trust" Proxo?
- mozerd - Mar. 03, 2006 10:22 PM
ProxRocks Wrote:now, can we get the TCPview for when you are running Proxo and with AdSubtract turned "off"?
just curious to see that if AdSub is truly "off" when Proxo is running...
or if AdSub is still intercepting port activity via some system level "service"...
ps - does eTrust AntiVirus need to be told to "trust" Proxo?
eTrust AntiVirus does not need to be told.
And when I run the Proxomitron as my Proxy server. I actually un-install AddSubtract Pro. I do not run both proxy applications at the same time.
TCPview [by SystemInternals] shows the following stats when using the Proxomitron on startup.
Code:
TCPview [by SystemInternals] shows the following stats when using the Proxomitron on startup.
Port Protocol Local address Remote Address State
[System Process]:0 TCP sta1:1030 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1031 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1032 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1040 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1041 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1046 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1053 localhost:1049 TIME_WAIT
[System Process]:0 TCP sta1:1054 localhost:1048 TIME_WAIT
[System Process]:0 TCP sta1:1060 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1064 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1072 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1073 localhost:1025 TIME_WAIT
[System Process]:0 TCP sta1:1074 localhost:1025 TIME_WAIT
alg.exe :1416 TCP sta1:1037 sta1:0 LISTENING
CAVTray.exe :1904 TCP sta1:1029 localhost:1026 ESTABLISHED
CAVTray.exe :1904 TCP sta1:1033 localhost:1025 ESTABLISHED
DkService.exe :1276 TCP sta1:31038 sta1:0 LISTENING
iSafe.exe :1208 TCP sta1:1025 sta1:0 LISTENING
iSafe.exe :1208 TCP sta1:1026 sta1:0 LISTENING
iSafe.exe :1208 TCP sta1:1025 localhost:1027 ESTABLISHED
iSafe.exe :1208 TCP sta1:1025 localhost:1052 ESTABLISHED
iSafe.exe :1208 TCP sta1:1025 localhost:1033 ESTABLISHED
iSafe.exe :1208 TCP sta1:1026 localhost:1029 ESTABLISHED
iSafe.exe :1208 TCP sta1:1026 localhost:1028 ESTABLISHED
lsass.exe :580 UDP sta1:4500 *:*
lsass.exe :580 UDP sta1:isakmp *:*
MailWasher.exe :376 TCP sta1:1052 localhost:1025 ESTABLISHED
mysqld-nt.exe :1316 TCP sta1:3306 sta1:0 LISTENING
Proxomitron.exe :212 TCP sta1:8080 sta1:0 LISTENING
Proxomitron.exe :212 TCP sta1:1067 www.my-etrust.com:http ESTABLISHED
Proxomitron.exe :212 TCP sta1:1069 consumerdownloads.ca.com:http CLOSE_WAIT
Proxomitron.exe :212 TCP sta1:1071 consumerdownloads-central.ca.com:http CLOSE_WAIT
svchost.exe :812 TCP sta1:epmap sta1:0 LISTENING
svchost.exe :880 UDP sta1:ntp *:*
svchost.exe :880 UDP sta1:ntp *:*
svchost.exe :960 UDP sta1:1900 *:*
svchost.exe :960 UDP sta1:1900 *:*
System :4 TCP sta1:microsoft-ds sta1:0 LISTENING
System :4 TCP sta1:netbios-ssn sta1:0 LISTENING
System :4 UDP sta1:microsoft-ds *:*
System :4 UDP sta1:netbios-dgm *:*
System :4 UDP sta1:netbios-ns *:*
Tcpview.exe :3448 UDP sta1:1075 *:*
VetMsg.exe :2008 TCP sta1:1027 localhost:1025 ESTABLISHED
VetMsg.exe :2008 TCP sta1:1028 localhost:1026 ESTABLISHED
- ProxRocks - Mar. 03, 2006 10:30 PM
hmm, everything seems "normal"...
did Proxo "stop filtering" with that startup?
- mozerd - Mar. 03, 2006 10:34 PM
ProxRocks Wrote:hmm, everything seems "normal"...
did Proxo "stop filtering" with that startup?
Yes, the Proxo "stops filtering" with that startup
- ProxRocks - Mar. 03, 2006 11:14 PM
are you running through any routers or hardware firewalls that is showing any "connection time out" errors?
- mozerd - Mar. 03, 2006 11:19 PM
ProxRocks Wrote:are you running through any routers or hardware firewalls that is showing any "connection time out" errors?
Yes, I am using a ZyWALL 5 hardware Firewall and in checking the logs no time out errors.
- ProxRocks - Mar. 04, 2006 12:52 AM
guess i'm stumped...
over the past three days, i've put Proxo on six different XP (four Pro's, two Home's) SP2 fully-patched systems and all are running seemlessly...
doesn't mean that your situation isn't OS-related, but i simply cannot confirm that it is either...
|