polo
December 27th, 2002, 10:21 AM
I've asked this before here, whether analysis of the output of netstat is_enough_.
Windows95A, 56K modem, single standalone home use for simple Net surfing and email.
When I connect to the net via dial-up modem and do "netstat -a" in DOS I see no output (other than 2 lines of 127.0.0 which is safe). If I connect to www.microsoft.com I EXPECT to see that line appearing. So if all connections are "as expected" I'm safe? Doing netstat regularly is a firewall still then necessary? "netstat [interval]" executes it so many seconds.
PS The fact I only see 2 lines when I connect is proof I have ALL ports closed (via following instructions at www.grc.com) or just removed the NetBIOS/NetBEUI thingy?
http://grc.com/su-bondage.htm
"nbtstat -n" gives "Failed to access NBT driver 1" is this good?
"If you are using the very first release of Windows 95 (build 950) your TCP/IP Properties dialog will NOT have a NetBIOS tab! Nor will you be able to close port 139 by unbinding all Microsoft services! I waited until now to mention this since unbinding unneeded services is still what you want to do for security. If you want to close port 139, you can either rename the file "c:\windows\system\vnbt.386" to something else"
BTW, can someone list useful commands e.g. netstat, nbtstat, arp. What exactly is arp for?
Windows95A, 56K modem, single standalone home use for simple Net surfing and email.
When I connect to the net via dial-up modem and do "netstat -a" in DOS I see no output (other than 2 lines of 127.0.0 which is safe). If I connect to www.microsoft.com I EXPECT to see that line appearing. So if all connections are "as expected" I'm safe? Doing netstat regularly is a firewall still then necessary? "netstat [interval]" executes it so many seconds.
PS The fact I only see 2 lines when I connect is proof I have ALL ports closed (via following instructions at www.grc.com) or just removed the NetBIOS/NetBEUI thingy?
http://grc.com/su-bondage.htm
"nbtstat -n" gives "Failed to access NBT driver 1" is this good?
"If you are using the very first release of Windows 95 (build 950) your TCP/IP Properties dialog will NOT have a NetBIOS tab! Nor will you be able to close port 139 by unbinding all Microsoft services! I waited until now to mention this since unbinding unneeded services is still what you want to do for security. If you want to close port 139, you can either rename the file "c:\windows\system\vnbt.386" to something else"
BTW, can someone list useful commands e.g. netstat, nbtstat, arp. What exactly is arp for?