Hello,
I recently got some time and money to start my journey with an Asus with Merlinwrt in it and started exploring choices to replace my DNS. I was checking many options but finally, as a test, I decided to go with NextDNS as it was quick and easy.
Until then... all was ok.
Until I checked NextDNS's logs and found that there was an A call to a domain from my computer belonging to my company. This is a personal computer where I was basically forced to install a VPN software from my company at the beginning of the pandemic. I never liked the idea but doing some tests I saw in practice it only seems to en-route through the company's intranet. Even so, since I really don't trust the IT guys I shut down the service most of the time and disable the local network and have the app terminated, of course.
I thought I was ok but... doesn't seem so. My PC is making calls to the wpad. address of two domains from my company and I don't like this at all.
I don't have the expertise of why this is happening nor what does it implies but I am feeling deeply uncomfortable since I discovered it.
For now I have blocked these calls and did some overall cleaning and checking of the system but didn't get to remove the calls, my only option being removing the vpn software, but since I need to use it for work that is not an option. Said so, I don't even know if this is the process making the calls.
I need to know.
I need to know what process is calling that domain and am... defenseless. I tried to use Wireshark and other software but am too much of a noob to take out anything from it.
Can anybody please guide me how to get the info am looking for?
Treat me like a granny learning to send an e-mail, please, am truly a noob when it comes to packet tracing and all that.
I recently got some time and money to start my journey with an Asus with Merlinwrt in it and started exploring choices to replace my DNS. I was checking many options but finally, as a test, I decided to go with NextDNS as it was quick and easy.
Until then... all was ok.
Until I checked NextDNS's logs and found that there was an A call to a domain from my computer belonging to my company. This is a personal computer where I was basically forced to install a VPN software from my company at the beginning of the pandemic. I never liked the idea but doing some tests I saw in practice it only seems to en-route through the company's intranet. Even so, since I really don't trust the IT guys I shut down the service most of the time and disable the local network and have the app terminated, of course.
I thought I was ok but... doesn't seem so. My PC is making calls to the wpad. address of two domains from my company and I don't like this at all.
I don't have the expertise of why this is happening nor what does it implies but I am feeling deeply uncomfortable since I discovered it.
For now I have blocked these calls and did some overall cleaning and checking of the system but didn't get to remove the calls, my only option being removing the vpn software, but since I need to use it for work that is not an option. Said so, I don't even know if this is the process making the calls.
I need to know.
I need to know what process is calling that domain and am... defenseless. I tried to use Wireshark and other software but am too much of a noob to take out anything from it.
Can anybody please guide me how to get the info am looking for?
Treat me like a granny learning to send an e-mail, please, am truly a noob when it comes to packet tracing and all that.
