I am sorry if this whole thing seems confusing.

As far as posting specific details pertaining to system types and firewalls and such, I will try to give you what I can after a bit of explanation.

But first, the real problem.

In my section - the Promotion section - there is this person who has truly developed his IT knowledge and skills. By all rights, he could be the top of our IT section. Unfortunately he is so self serving that my company will not allow him to be the top because he is down right dangerous.

So, what happens is this person whats to show the company how "incompetent" our IT people are. From time to time he creates "little" disturbances to try and up his own personal value. You see, this person used to be in the IT section, so he basically has access to anything he wants at present.

This then brings us to my question and problem.

Certain decision making personnel in my department have started to experience trouble when they try to access the internet from our intranet. Up until recently this task presented no trouble. (BTW, In my examples with A and B, A is the person having trouble)

As such I believe this "unhappy" person has been tinkering with something in such a way as to try and force my company to put him in power.

I want to try and confirm his tinkering, if it is tinkering. If it is not, I would like to try and fix the problem anyway.

I get the feeling that because some internet pages are viewable without problem on the PCs that are having trouble, our "unhappy" person has been tinkering with our firewall, proxy server and settings, or something else.

Of course, there is always the possibility that our "unhappy" person has not tinkered with anything. But then again, no definite patterns can be seen in the PCs (and PCs environments) that experience problems and those that do not, so this problem looks/feels to be "man made".

This is my situation.

As for details, what I have is the following ( from nmap):

Device type: general purpose|router|load balancer|firewall
Running (JUST GUESSING) : HP HP-UX 11.X|10.X (93%), Cabletron embedded (90%), FreeBSD 4.X|3.X (89%), NetBSD (89%), Cisco IOS 12.X (88%), F5 Labs BSDI (88%), Secure Computing embedded (88%), BSDI BSD/OS 3.X (87%)
Aggressive OS guesses: HP-UX B11.00 U 9000/839 (93%), Cabletron Smart Switch Router 8600 (90%), FreeBSD 4.4-STABLE (89%), FreeBSD 4.7-STABLE (89%), HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0 (89%), HP-UX 10.20 (89%), NetBSD 1.3I through 1.6 (89%), Cisco router running IOS 12.1.5-12.2.13a (88%), Cisco IOS 12.0(3.3)S (perhaps a 7200 router) (88%), F5 Labs Big/IP HA TCP/IP Load Balancer (BSDI kernel/x86) (88%)

Additionally, I believe that all requests to the internet from inside our intranet go through a proxy, which I believe to be squid.

So, there you have it. I suppose this is all very confusing as it should be.

My basic question then, or, perhaps better put, the point that stumps me the most then is the fact that while most internet pages are "unviewable", some may be viewed with no problem. Additionally, pages on our company's internet site that can not be view , are viewable when downloaded to an intranet server. This really stumps me! Why is this possible if someone has no been tinkering with something?

Sorry for the long story.