netstat make Firewall redundant???

Discussion in 'other firewalls' started by polo, Dec 27, 2002.

Thread Status:
Not open for further replies.
  1. polo

    polo Guest

    I've asked this before here, whether analysis of the output of netstat is _enough_.

    Windows95A, 56K modem, single standalone home use for simple Net surfing and email.

    When I connect to the net via dial-up modem and do "netstat -a" in DOS I see no output (other than 2 lines of 127.0.0 which is safe). If I connect to www.microsoft.com I EXPECT to see that line appearing. So if all connections are "as expected" I'm safe? Doing netstat regularly, is a firewall then still necessary? "netstat [interval]" executes it every so many seconds.

    PS The fact I only see 2 lines when I connect is proof I have ALL ports closed (via following instructions at www.grc.com) or just removed the NetBIOS/NetBEUI thingy?

    http://grc.com/su-bondage.htm

    "nbtstat -n" gives "Failed to access NBT driver 1". Is this good?

    "If you are using the very first release of Windows 95 (build 950) your TCP/IP Properties dialog will NOT have a NetBIOS tab! Nor will you be able to close port 139 by unbinding all Microsoft services! I waited until now to mention this since unbinding unneeded services is still what you want to do for security. If you want to close port 139, you can either rename the file "c:\windows\system\vnbt.386" to something else"

    BTW, can someone list useful commands, e.g. netstat, nbtstat, arp? What exactly is arp for?
     
  2. polo

    polo Guest

    If the IP address under "Local Address" is always my ISP then I'm not being hacked?
     
  3. root

    root Registered Member (Joined: Feb 19, 2002; Posts: 1,723; Location: Missouri, USA)

    Netstat will not take the place of a firewall. It is a passive reporting tool only. A firewall, properly configured, will protect you actively and it monitors traffic in real time.
    For netstat to be effective at all, you would have to have it showing and refresh it constantly, to watch for new traffic.
    It's just not the same thing.
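
Added example, not part of the thread or written by any of its posters: a Python sketch of the "watch netstat regularly" approach, which reviews one snapshot against the connections you expect and then shows which connections a fixed polling interval never sees. The sample `netstat -an` output, the addresses (documentation ranges) and all function names are constructed for illustration.

```python
import re

# Constructed samples in the Windows "netstat -an" layout (not from the thread);
# all addresses are documentation ranges.
POLL_1 = """
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    203.0.113.7:1031       198.51.100.20:80       ESTABLISHED
"""
POLL_2 = """
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    203.0.113.7:1031       198.51.100.20:80       ESTABLISHED
  TCP    203.0.113.7:1034       192.0.2.99:4000        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+?):(\d+|\*)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return a set of (proto, local_ip, local_port, remote, state) tuples."""
    rows = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            proto, lip, lport, rip, rport, state = m.groups()
            rows.add((proto, lip, int(lport), f"{rip}:{rport}", state or ""))
    return rows

def review(rows, expected_remotes):
    """Split a snapshot into non-loopback listeners and unexpected remote peers."""
    listeners = {r for r in rows if r[1] != "127.0.0.1"
                 and (r[4] == "LISTENING" or r[0] == "UDP")}
    unexpected = {r for r in rows if r[4] == "ESTABLISHED"
                  and r[3] not in expected_remotes}
    return listeners, unexpected

def unseen_by_polling(connections, interval, duration):
    """Names of (name, start_s, end_s) connections that no poll at
    t = 0, interval, 2*interval, ... up to duration ever observes."""
    polls = range(0, duration + 1, interval)
    return [name for name, start, end in connections
            if not any(start <= t < end for t in polls)]

if __name__ == "__main__":
    print(review(parse_netstat(POLL_2), {"198.51.100.20:80"}))
    print(unseen_by_polling([("web", 2, 40), ("brief", 11, 19)], 10, 60))
```

Even when the review flags a row, the connection already exists by the time it is reported; nothing here blocks traffic.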
     
  4. snowman

    snowman Guest

    Completely agree with Root....netstat is not a replacement for a firewall.....that's not its intended purpose.
     
  5. snowman

    snowman Guest

    Polo......on dial-up huh.....see who is listening on ports 137 tcp 138 udp 139 udp...........no those ports will never show open because of the listener......just for fun see if you can id who/what is on those ports......
     