TDS plug-in: TCP Inspector

Discussion in 'Trojan Defence Suite' started by A884126, May 22, 2004.

Thread Status:
Not open for further replies.
  1. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Hi.

    After launching TCP Inspector plug-in all connections failed except NetBios.
    Trying NetBIOS [135] . Connected
    What should I do to get it to fail?
    BTW, the tests on PCFlank and on GRC are stealth, with no open ports.

    Thanks for your help.
    Pete

    PS: see file attached
     


  2. FanJ

    FanJ Guest

    Last edited by a moderator: May 22, 2004
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello and welcome!
    Isn't it on XP systems that port 135 should be accessible for several functions to work properly?
    But do have a look at those links!
     
    Last edited: May 22, 2004
  4. FanJ

    FanJ Guest

    Hi again,

    Do you have perhaps PortExplorer from DiamondCS?
    It is a very good program for showing you which ports are open, by which process, etc.
    BTW: it is not free.

    It gives you more info than TCP-Inspector in TDS-3.

    I think there is a trial-version, but I'm sure that Jooske can tell you more about that ;)

    If you have PortExplorer, what does it tell you about the NetBIOS port(s)?

    If you're asking yourself which of those free tools to use, that I mentioned in my first reply, I think I would say go for the one from Gkweb.
    I'll ask Gkweb to have a look at this thread too ;)

    Regards, Jan.
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Jan, you know that for each DiamondCS program there is a free evaluation version, and there are many free tools there as well.
    www.diamondcs.com.au/portexplorer and you're happy for many days free and you can decide to register the software if you like it.
    I love to be able to spy on packets from applications. People who open honeypots at times can really see what happens and what an attacker is trying to do. BTW: also in TDS with the Port Listen function one can see packets -- remember several years ago with CodeRed how we let them in with that tool to discover the new variants? You can even change the code and connect back if you really would like to interact with them.
     
  6. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    Your screenshot is weird because 135 is DCOM RPC and NetBIOS is 137/138 UDP and 139 TCP.
    From your screenshot we can see that your port 135 is open, which is perfectly normal, and for 139 (NetBIOS) there are those dots "." without a failed/connected result.

    About the GRC and PCFlank tests, the results can be totally different if you are running a firewall which will block the packets sent to these ports.
    Unlike online scanning, the TCP Inspector scans from your local computer and shows you which ports are open. So these ports can really be open, but seen as closed if blocked by a firewall.

    As advised, you can use the trial Port Explorer from DiamondCS to get a complete list of open ports.

    You can close port 135 with the tool WWDC linked by FanJ, but be aware that doing that will make the scheduler service fail to start on XP/2003.

    regards,

    gkweb.
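
The local check gkweb describes, as an added example that is not part of the original thread and is not TCP Inspector's own code: a TCP connect probe against 127.0.0.1 that labels ports 135 and 139 the way the post does and separates "connected", "failed" (refused) and no result. The names `probe`, `report` and `self_check` are hypothetical, and the sockets in `self_check` are constructed test fixtures.

```python
import socket

# TCP port names as gkweb gives them (137/138 are UDP, so a TCP connect cannot test them).
SERVICES = {135: "DCOM RPC", 139: "NetBIOS session"}

def probe(port, host="127.0.0.1", timeout=1.0):
    """Classify one local TCP connect attempt (hypothetical helper)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "connected"      # a local process is listening on this port
    except ConnectionRefusedError:
        return "failed"         # nothing is listening on this port
    except OSError:
        return "no result"      # timeout or filtered: neither connected nor refused
    finally:
        s.close()

def report(ports, host="127.0.0.1"):
    """Return (port, service name, status) for each port probed."""
    return [(p, SERVICES.get(p, "unknown"), probe(p, host)) for p in ports]

def self_check():
    """Constructed fixtures: one listening socket and one bound, non-listening socket."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))   # bound but never listening, so connects are refused
    try:
        return [status for _, _, status in
                report([listener.getsockname()[1], idle.getsockname()[1]])]
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    for port, name, status in report([135, 139]):
        print(f"Trying {name} [{port}] . {status}")
```

A "connected" result here only says that a local process is listening; whether the port answers from the Internet is what the online tests measure, and a firewall can make the two results differ.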
     
  7. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    It screwed up my internet connection after I disabled NetBIOS! I had to go through a Restore in order to get back my connection.
    I could not get any IP, and even after getting it with an IPconfig /renew, the internet connection just did not work...

    To tell you the truth I really don't know.

    No I do not.

    True, Outpost might block them.

    BTW most of WWDC are related to a MS Security Warning. Then having Windows fully patched shouldn't be a problem, right?
     

    Attached Files:

    • WWDC.GIF
  8. FanJ

    FanJ Guest

    Hi A884126,

    I offer my sincere apologies to you for all those troubles !
    I am really sorry that this happened after my suggestion.
    I didn't know that this could happen... :oops: :oops: :oops:

    Sorry !

    Best regards, Jan.
     
  9. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I'm really sorry you have encountered such troubles, but if I am allowed to add a word:

    Under normal circumstances, using WWDC is equal to manually disabling services, either in the service manager or in the registry. WWDC does nothing more than that and does not install anything which could conflict.

    So if disabling NetBIOS with WWDC "screws up" a computer, then doing it manually does too, which could prove that (maybe) many network-related apps have been installed and uninstalled, and that the registry was already damaged before using WWDC.

    All WWDC features were tested on win 2000/XP/2003 without causing any troubles.

    That's right :)

    regards,

    gkweb.
     
    Last edited: May 23, 2004
  10. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    FanJ, no worry as everything went back to normal. It is by doing things like that, that I learn.

    gkweb, thanks for your feedback.
     