Nbtstat / Arp /Closing Ports

Discussion in 'other firewalls' started by polo, Jul 22, 2002.

Thread Status:
Not open for further replies.
  1. polo

    polo Guest

    I just want to recap on the info at www.grc.com regarding closing ports; please comment and correct me if needed

    I connect to the Net using a 56K dial-up modem and standalone PC. The only Network Components I need are TCP/IP and Dial-Up Adapter. Because I have Win 95A I need to either:

    delete vnbt.386 OR
    rename vnbt.386 OR
    move vnbt.386 out of C:\WINDOWS\SYSTEM

    This will then give "Failed to access NBT driver 1" on running "nbtstat -a" in a DOS box, making me secure?

    I heard as well as "netstat" that "arp -a" is a good command to monitor ports. Haven't a clue what it does though...?
     
  2. snowy

    snowy Guest

    POLO

    Greetings.......I am frankly alittle confused here...by no means an I a computer wiz so please keep that in mind,
    What I am trying to understand is why you would have to delete anything in order to close your ports ??
    Your firewall should close your ports.

    snowman
     
  3. snowy

    snowy Guest

    POLO

    I just visited the link you provide..which is the homepage for grc......is there anything in particular that you are referring to that you can provide a direct link too. ??

    snowman
     
  4. polo

    polo Guest

    https://grc.com/x/ne.dll?bh0bkyd2

    Read the pages:

    "The following pages provide additional
    background, insight, and assistance:"

    Network Bondage is the most important page:-
    For Win 95/98 http://grc.com/su-rebinding9x.htm

    If you are using the very first release of Windows 95 (build 950) your TCP/IP Properties dialog will NOT have a NetBIOS tab! Nor will you be able to close port 139 by unbinding all Microsoft services! I waited until now to mention this since unbinding unneeded services is still what you want to do for security. If you want to close port 139, you can either rename the file "c:\windows\system\vnbt.386" to something else (remember what you renamed it to in case you need to renamed it back!),
     
  5. controler

    controler Guest

    Why in the world would anybody still be using Windows 95 ?

    Stop hurting yourself and get a newer version. Preferably
    Windows XP. ;)
     
  6. snowy

    snowy Guest

    POLO

    thanks for providing the link...will check in out alittle later.

    there is still some real confusion on my part.....my lil niece is using win95.....I installed zone alarm free version....then put it through all the port tests.....every test shows showed ALL ports stealth.....(closed) in fact..I even used the port test at grc......showed port 139 stealth........\

    please don't mis-understand....I am honestly confused here......cause obviously it can't be both ways..either a port is closed or its not.......

    I still have a few old books on win95....when I can spare the time I will research this.....in the mean time I am curious to see what others respond to this.

    best regards

    snowman
     
  7. snowy

    snowy Guest

    POLO

    please excuse the delay in responding.......ok...an please correct me if I am in-correct.....
    appearantly you want to disable FILE SHARING...

    on a win95 I do not know the proper way to do so....but I caution you to not delete anything unless you are absolutely positive thats the correct thing to do......an frankly I have serious doubts about that. hopefully a former win95 user will be able to offer alittle insight here.

    POLO did you actually tests your ports......an did the test reveal that any ports were "open" an are you using a firewallo_O did the test show that any information was being revealed ??
    snowman
     
  8. snowy

    snowy Guest

    POLO


    you can check this link out:

    http://home.earthlink.net/~rmbox/Reticulated/Toys.html


    there is a free program at that site that claims to close the ports you mention........I HAVE NEVER USED ANY OF THE PROGRAMS PERSONALLY SO CAN NOT SUGGEST THE USE OF ANY......... as just stated I don't have personal knowledge of how any of the programs perform...however I have known of people who did use a couple of the programs without problems........I prefer to advise when I have not used a program.....thereafter its your decision

    snowman

    URL tags added - Forum Admin
     
  9. polo

    polo Guest

    Snowy

    I have to rename or move vnbt.386 as it's Win 95A. This closes 139. So when I "Test my Shields" I get

    Attempting connection to your computer. . .
    Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

    Preliminary Internet connection refused!
    This is extremely favorable for your system's overall Windows File and Printer Sharing security. Most Windows systems, with the Network Neighborhood installed, hold the NetBIOS port 139 wide open to solicit connections from all passing traffic. Either this system has closed this usually-open port, or some equipment or software such as a "firewall" is preventing external connection and has firmly closed the dangerous port 139 to all passersby. (Congratulations!)

    Unable to connect with NetBIOS to your computer.
    All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

    Is this what you get? I have no firewall. I think you are supposed to do the test with the firewall OFF?

    "Probe my Ports" reports all ports are CLOSED except Telnet which is Stealth!

    PS Found this site: 30 Commandments of Security, this is list of checks, kinda "cute".

    http://www.radsoft.net/security/si.html
    http://www.radsoft.net/security/check.html
     
  10. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    How to assess if the pack of wolves in front of you are friendly or aggressive: try exposing your throat to them. ;(
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Any 'test' that requires you either (a) download something voluntarily to your computer before you can take it or (b) turn off anything you'd have running in the normal course of events is totally invalid.

    If their 'test' was so good, it would be able to bypass whatever you've got on your computer to start with - that's the only way it could show you a real vulnerability on your system. Pete
     
  12. polo

    polo Guest

    Okay, so what do my results show? Good, bad? Do I definitely need a firewall?
     
  13. Hi Polo,
    It looks just fine. :) Firewalls always help.

    Since you have Win95, think about using these two free programs..they are small in size but will do most of the things you will want to know about that system.



    Do yourself a favor and download this tool and you will not have to fool around with CTRL+ALT+DEL any more and you will be able to see everything that is really running on your PC.

    http://www.turboware.com/WhatsHappening.htm


    We are now distributing the Freeware version of What's Happening - A handy utility that displays all of the programs and dll's running on your system (and more). The current version is 1.02. What's Happening is also being distributed on the companion diskette for "Microsoft Windows 2000 Professional Expert Companion," a book to be published this summer by Microsoft Press. The author is Carl Siechert.



    Netmon is a compact, easy-to-use network information utility. It displays infomation pertaining to the IP, TCP, UDP and ICMP protocols. It's main purpose is viewing connections made using TCP and UDP protocols from or to your computer. This information may prove very useful in hunting trojans (or other suspicious activity) present in your system.
    Netmon is a graphical conversion of the "netstat" utility shipped with Windows. It's main advantages over the console based version, is the graphical user interface (GUI), the database of common trojan ports and the complete list of well-known ports (the ports that are numbered below 1024 and reserved for different applications).

    Users familiar with the netstat utility should feel at home with the GUI and the information presented.

    Copyright (c) 1999-2001 Johan Samuelson

    You can download it here.
    netmon160.exe
    http://nidaho.net/1way/files/files.htm
     
  14. snowy

    snowy Guest

    POLO

    yes you need a firewall!!!!!!!! AN NEVER TURN IT OFF FOR ANY TEST ANY WHERE!!!!!!!
    ok POLO....a firewall is a critically and essentially needed program. So for your sake.....install one immediately. if you can not afford to purchase one..hey thats no big deal.....there are numerous free firewalls......if you want suggestions on which firewall to use...well no doubt you could get thousands of suggestions and be reading them till christmas.....so lets get past that...an install a firewall.........if you are not experienced and need help installing a firewall...again no big deal...the folks here may offer you great advice and instructions...get a firewall!!

    free firewalls : Look and Stop
    Kerio
    OutPost
    Sygate
    Zone Alarm

    ****there are more...none is not purposely not being mentioned....its a busy day...an you need a firewall...so I just list a few.....
    Now you can spend (waste) alot of time..are you can just get the firewall protection...your choice. As Checkout so beautifully expressed....without a firewall..the wolves...
    .....an certainly may I respectfully suggest that you heed the advice of Spy 1 .....
    before installing anything else...install a firewall...

    snowman

    p.s. Polo....do you have an anti-virus program ?
    if you can not afford to purchase such a program
    there are free ones.....be sure to check the
    "freetools" at wilders.
     
  15. snowy

    snowy Guest

    POLO

    having posted the above reply..will now take a moment to respond to your question of "do I definitely need a firewall"
    POLO every personal computer needs a firewall....of some sort.....an don't go messing around the internet without one......an DON"T TURN IT OFF!!!
    at this very moment..without a firewall a hacker could be using your computer...to attack any computer..to hack into another computer or server,,, without a firewall your computer can become a ZOMBIE in seconds...controled by someone else...any you would most likely never be awear.
    an go with the advice spy 1 gave......never lower that firewall..not for tests...or anything else. when the firewall is disabled...bang! you can be hacked!! if you are asked or told to dis-able your firewall DON'T...
    now POLO..please go pick out a firewall and install it as soon as possible.....

    snowman
     
  16. snowy

    snowy Guest

    MYNET

    nither of the programs you listed would offer the protection that a firewall does. Both the programs you listed are monitoring tools.........

    best regards

    snowman
     
  17. polo

    polo Guest

    Snowy

    Yes my trust is in Kaspersky AVP - that's my main scanner. But I use backup scanners, DOS if I can get it of NOD32, Dr Web, Sophos, AVAST32, F-PROT, NAI, etc. Basically as a hobby I download defs every month and do a full scan on the highest settings. I update AVP weekly. I think a lot of virus infections is due to spam, if you get spam sometimes it is viruses and ppl click on them.
     

  18. That is correct..in fact each is explained exactly what they will do...
    you can handle the firewall thing.
     
  19. snowman

    snowman Guest

    MY NET

    LOL........nope not me.....I am officially out of the firewall loop...other than for self learning purposes......as of yesterday and today my attitude has dramatically changed.

    oh...WhatsHappening" was very interesting...thanks for providing the link.


    snowman
     
  20. I see that..are you ok..how about lets talk by IM here..many of us are concerned about you guy..Is there any thing I can do.

    Regards and Respect,
    John
     
  21. snowman

    snowman Guest

    MYNET

    you have mail ! an thank you for your concern....believe me its truely appricated......yes, for the most part I am okay.....having a relaspe of my illness today...but this will pass// my own fault...didn't take care of myself the past couple of days.
    this of course is off topic...but I think the mods will forgive this one time......its always nice to see when members are sincerely concerned for the well being of each other.....(but I best not push the mods LOL )

    snowman
     
  22. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi. I just read thru this and theres a couple of things that need to be said, I think.
    First of all, windows and maybe some other applications open ports to the internet. Sometimes this is good and sometimes this is not so good. The correct way to close a port is to do so through the program that opened it. Many ports can be closed in Windows by shutting down any number of services.
    It can be very disasterous to close a port with a third party application if you do not know what you are doing.
    One of the major functions of a firewall is to either block or stealth ports. When a firewall blocks a port, it will send a packet back to a requestor saying that port is closed. When a firewall stealths a port, it drops any packets coming to that port, thus there appears to be nothing there. Firewalls do not close ports as a general rule.
    It is ok to have a site run a scan on you with your firewall down (assuming its a trusted site) to see what ports are inherently open on your machine without tweaking. For those that know more about computers and OSs than I do, it is possible to tighten up Win2k and WinXP pretty tight without out a firewall. This involves tight controls of the services loaded at startup and applications running. For Win95 and Win98SE, forget it. At any rate, a firewall should be used, if for no other reason, it is a backup line of defense and gives you good information on what is trying to get into and out of your computer. Using port monitors works, if you want to set there looking at a port monitor all the time to see what your computer is doing. Then as soon as some traffic shows that your not sure of, you kill your connection.
    Also, Polo, unless I misunderstand - an antivirus doesn't have anything to do with the protection you get from a firewall.
    Snowey, I'm curious about your statement.
    ".I am officially out of the firewall loop...other than for self learning purposes......as of yesterday and today my attitude has dramatically changed"
     
  23. snowman

    snowman Guest

    ROOT

    wow...you brought back memories....the subject of ports is the very first post I saw by you....what..a couple of years ago....you were very informative back then an even more so now.......
    at a later time perhaps I will pm you about that statement.......not now though......rest assured there is no problem....just a personal decision.

    snowman
     
Thread Status:
Not open for further replies.