Nbtstat / Arp /Closing Ports

I just want to recap on the info at www.grc.com regarding closing ports; please comment and correct me if needed

I connect to the Net using a 56K dial-up modem and standalone PC. The only Network Components I need are TCP/IP and Dial-Up Adapter. Because I have Win 95A I need to either:

delete vnbt.386 OR
rename vnbt.386 OR
move vnbt.386 out of C:\WINDOWS\SYSTEM

This will then give "Failed to access NBT driver 1" on running "nbtstat -a" in a DOS box, making me secure?

I heard as well as "netstat" that "arp -a" is a good command to monitor ports. Haven't a clue what it does though...?

 

POLO

Greetings.......I am frankly alittle confused here...by no means an I a computer wiz so please keep that in mind,
What I am trying to understand is why you would have to delete anything in order to close your ports ??
Your firewall should close your ports.

snowman

 

POLO

I just visited the link you provide..which is the homepage for grc......is there anything in particular that you are referring to that you can provide a direct link too. ??

snowman

 

https://grc.com/x/ne.dll?bh0bkyd2

Read the pages:

"The following pages provide additional
background, insight, and assistance:"

Network Bondage is the most important page:-
For Win 95/98 http://grc.com/su-rebinding9x.htm

If you are using the very first release of Windows 95 (build 950) your TCP/IP Properties dialog will NOT have a NetBIOS tab! Nor will you be able to close port 139 by unbinding all Microsoft services! I waited until now to mention this since unbinding unneeded services is still what you want to do for security. If you want to close port 139, you can either rename the file "c:\windows\system\vnbt.386" to something else (remember what you renamed it to in case you need to renamed it back!),

 

Why in the world would anybody still be using Windows 95 ?

Stop hurting yourself and get a newer version. Preferably
Windows XP.

 

POLO

thanks for providing the link...will check in out alittle later.

there is still some real confusion on my part.....my lil niece is using win95.....I installed zone alarm free version....then put it through all the port tests.....every test shows showed ALL ports stealth.....(closed) in fact..I even used the port test at grc......showed port 139 stealth........\

please don't mis-understand....I am honestly confused here......cause obviously it can't be both ways..either a port is closed or its not.......

I still have a few old books on win95....when I can spare the time I will research this.....in the mean time I am curious to see what others respond to this.

best regards

snowman

 

POLO

please excuse the delay in responding.......ok...an please correct me if I am in-correct.....
appearantly you want to disable FILE SHARING...

on a win95 I do not know the proper way to do so....but I caution you to not delete anything unless you are absolutely positive thats the correct thing to do......an frankly I have serious doubts about that. hopefully a former win95 user will be able to offer alittle insight here.

POLO did you actually tests your ports......an did the test reveal that any ports were "open" an are you using a firewall did the test show that any information was being revealed ??
snowman

 

POLO


you can check this link out:

http://home.earthlink.net/~rmbox/Reticulated/Toys.html


there is a free program at that site that claims to close the ports you mention........I HAVE NEVER USED ANY OF THE PROGRAMS PERSONALLY SO CAN NOT SUGGEST THE USE OF ANY......... as just stated I don't have personal knowledge of how any of the programs perform...however I have known of people who did use a couple of the programs without problems........I prefer to advise when I have not used a program.....thereafter its your decision

snowman

URL tags added - Forum Admin

 

Snowy

I have to rename or move vnbt.386 as it's Win 95A. This closes 139. So when I "Test my Shields" I get

Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

Preliminary Internet connection refused!
This is extremely favorable for your system's overall Windows File and Printer Sharing security. Most Windows systems, with the Network Neighborhood installed, hold the NetBIOS port 139 wide open to solicit connections from all passing traffic. Either this system has closed this usually-open port, or some equipment or software such as a "firewall" is preventing external connection and has firmly closed the dangerous port 139 to all passersby. (Congratulations!)

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Is this what you get? I have no firewall. I think you are supposed to do the test with the firewall OFF?

"Probe my Ports" reports all ports are CLOSED except Telnet which is Stealth!

PS Found this site: 30 Commandments of Security, this is list of checks, kinda "cute".

http://www.radsoft.net/security/si.html
http://www.radsoft.net/security/check.html

 

How to assess if the pack of wolves in front of you are friendly or aggressive: try exposing your throat to them. ;(

 

Any 'test' that requires you either (a) download something voluntarily to your computer before you can take it or (b) turn off anything you'd have running in the normal course of events is totally invalid.

If their 'test' was so good, it would be able to bypass whatever you've got on your computer to start with - that's the only way it could show you a real vulnerability on your system. Pete

 

Okay, so what do my results show? Good, bad? Do I definitely need a firewall?

 

Hi Polo,
It looks just fine. Firewalls always help.

Since you have Win95, think about using these two free programs..they are small in size but will do most of the things you will want to know about that system.



Do yourself a favor and download this tool and you will not have to fool around with CTRL+ALT+DEL any more and you will be able to see everything that is really running on your PC.

http://www.turboware.com/WhatsHappening.htm


We are now distributing the Freeware version of What's Happening - A handy utility that displays all of the programs and dll's running on your system (and more). The current version is 1.02. What's Happening is also being distributed on the companion diskette for "Microsoft Windows 2000 Professional Expert Companion," a book to be published this summer by Microsoft Press. The author is Carl Siechert.



Netmon is a compact, easy-to-use network information utility. It displays infomation pertaining to the IP, TCP, UDP and ICMP protocols. It's main purpose is viewing connections made using TCP and UDP protocols from or to your computer. This information may prove very useful in hunting trojans (or other suspicious activity) present in your system.
Netmon is a graphical conversion of the "netstat" utility shipped with Windows. It's main advantages over the console based version, is the graphical user interface (GUI), the database of common trojan ports and the complete list of well-known ports (the ports that are numbered below 1024 and reserved for different applications).

Users familiar with the netstat utility should feel at home with the GUI and the information presented.

Copyright (c) 1999-2001 Johan Samuelson

You can download it here.
netmon160.exe
http://nidaho.net/1way/files/files.htm

 

POLO

yes you need a firewall!!!!!!!! AN NEVER TURN IT OFF FOR ANY TEST ANY WHERE!!!!!!!
ok POLO....a firewall is a critically and essentially needed program. So for your sake.....install one immediately. if you can not afford to purchase one..hey thats no big deal.....there are numerous free firewalls......if you want suggestions on which firewall to use...well no doubt you could get thousands of suggestions and be reading them till christmas.....so lets get past that...an install a firewall.........if you are not experienced and need help installing a firewall...again no big deal...the folks here may offer you great advice and instructions...get a firewall!!

free firewalls : Look and Stop
Kerio
OutPost
Sygate
Zone Alarm

****there are more...none is not purposely not being mentioned....its a busy day...an you need a firewall...so I just list a few.....
Now you can spend (waste) alot of time..are you can just get the firewall protection...your choice. As Checkout so beautifully expressed....without a firewall..the wolves...
.....an certainly may I respectfully suggest that you heed the advice of Spy 1 .....
before installing anything else...install a firewall...

snowman

p.s. Polo....do you have an anti-virus program ?
if you can not afford to purchase such a program
there are free ones.....be sure to check the
"freetools" at wilders.

 

POLO

having posted the above reply..will now take a moment to respond to your question of "do I definitely need a firewall"
POLO every personal computer needs a firewall....of some sort.....an don't go messing around the internet without one......an DON"T TURN IT OFF!!!
at this very moment..without a firewall a hacker could be using your computer...to attack any computer..to hack into another computer or server,,, without a firewall your computer can become a ZOMBIE in seconds...controled by someone else...any you would most likely never be awear.
an go with the advice spy 1 gave......never lower that firewall..not for tests...or anything else. when the firewall is disabled...bang! you can be hacked!! if you are asked or told to dis-able your firewall DON'T...
now POLO..please go pick out a firewall and install it as soon as possible.....

snowman

 

MYNET

nither of the programs you listed would offer the protection that a firewall does. Both the programs you listed are monitoring tools.........

best regards

snowman

 

Snowy

Yes my trust is in Kaspersky AVP - that's my main scanner. But I use backup scanners, DOS if I can get it of NOD32, Dr Web, Sophos, AVAST32, F-PROT, NAI, etc. Basically as a hobby I download defs every month and do a full scan on the highest settings. I update AVP weekly. I think a lot of virus infections is due to spam, if you get spam sometimes it is viruses and ppl click on them.

 

That is correct..in fact each is explained exactly what they will do...
you can handle the firewall thing.

 

MY NET

LOL........nope not me.....I am officially out of the firewall loop...other than for self learning purposes......as of yesterday and today my attitude has dramatically changed.

oh...WhatsHappening" was very interesting...thanks for providing the link.


snowman

 

I see that..are you ok..how about lets talk by IM here..many of us are concerned about you guy..Is there any thing I can do.

Regards and Respect,
John

 

MYNET

you have mail ! an thank you for your concern....believe me its truely appricated......yes, for the most part I am okay.....having a relaspe of my illness today...but this will pass// my own fault...didn't take care of myself the past couple of days.
this of course is off topic...but I think the mods will forgive this one time......its always nice to see when members are sincerely concerned for the well being of each other.....(but I best not push the mods LOL )

snowman

 

Hi. I just read thru this and theres a couple of things that need to be said, I think.
First of all, windows and maybe some other applications open ports to the internet. Sometimes this is good and sometimes this is not so good. The correct way to close a port is to do so through the program that opened it. Many ports can be closed in Windows by shutting down any number of services.
It can be very disasterous to close a port with a third party application if you do not know what you are doing.
One of the major functions of a firewall is to either block or stealth ports. When a firewall blocks a port, it will send a packet back to a requestor saying that port is closed. When a firewall stealths a port, it drops any packets coming to that port, thus there appears to be nothing there. Firewalls do not close ports as a general rule.
It is ok to have a site run a scan on you with your firewall down (assuming its a trusted site) to see what ports are inherently open on your machine without tweaking. For those that know more about computers and OSs than I do, it is possible to tighten up Win2k and WinXP pretty tight without out a firewall. This involves tight controls of the services loaded at startup and applications running. For Win95 and Win98SE, forget it. At any rate, a firewall should be used, if for no other reason, it is a backup line of defense and gives you good information on what is trying to get into and out of your computer. Using port monitors works, if you want to set there looking at a port monitor all the time to see what your computer is doing. Then as soon as some traffic shows that your not sure of, you kill your connection.
Also, Polo, unless I misunderstand - an antivirus doesn't have anything to do with the protection you get from a firewall.
Snowey, I'm curious about your statement.
".I am officially out of the firewall loop...other than for self learning purposes......as of yesterday and today my attitude has dramatically changed"

 

ROOT

wow...you brought back memories....the subject of ports is the very first post I saw by you....what..a couple of years ago....you were very informative back then an even more so now.......
at a later time perhaps I will pm you about that statement.......not now though......rest assured there is no problem....just a personal decision.

snowman