Re: netstat makes a Firewall redundant?

From: Bill Crocker (wcrocker007@comcast.net)
Date: 12/27/02 

From: "Bill Crocker" <wcrocker007@comcast.net>
Date: Fri, 27 Dec 2002 10:30:15 -0500

Netstat will show what's connected, but it won't prevent anything from
connecting.

Bill Crocker

<dbc@dbc.dbc> wrote in message news:3E0C6B47.4F2420A1@dbc.dbc...
> Windows95A, 56K modem, single standalone home use.
>
> When I connect to the net via dial-up modem and do "netstat -a" in DOS
> I see no output (other than 2 lines of 127.0.0 which is safe). If I
> connect to www.microsoft.com I EXPECT to see that line appearing. So if
> all connections are "as expected" I'm safe? Doing netstat regularly is
> a firewall still then necessary? "netstat [interval]" executes it so
> many seconds.
>
> If the IP address under "Local Address" is my ISP then I'm not being
> hacked?
>
> PS The fact I only see 2 lines when I connect is proof I have ALL ports
> closed (via following instructions at www.grc.com) or just removed the
> NetBIOS/NetBEUI thingy?
>
> http://grc.com/su-bondage.htm
>
> "nbtstat -n" gives "Failed to access NBT driver 1" is this good?
>
> "If you are using the very first release of Windows 95 (build 950) your
> TCP/IP Properties dialog will NOT have a NetBIOS tab! Nor will you be
> able to close port 139 by unbinding all Microsoft services! I waited
> until now to mention this since unbinding unneeded services is still
> what you want to do for security. If you want to close port 139, you
> can either rename the file "c:\windows\system\vnbt.386" to something
> else"
>
> BTW, can someone list useful commands e.g. netstat, nbtstat, arp.
> What exactly is arp for?

Relevant Pages

  • RE: I think Ive been hacked...please help!
    ... > connecting within seconds of boot. ... port scanning the machine from the outside ... experience performing incident response activities, ... one will run netstat and see something listening on ...
    (Incidents)
  • netstat makes a Firewall redundant?
    ... I see no output (other than 2 lines of 127.0.0 which is safe). ... Doing netstat regularly is ... If you want to close port 139, ... BTW, can someone list useful commands e.g. netstat, nbtstat, arp. ...
    (comp.security.misc)
  • netstat makes a Firewall redundant?
    ... I see no output (other than 2 lines of 127.0.0 which is safe). ... Doing netstat regularly is ... If you want to close port 139, ... BTW, can someone list useful commands e.g. netstat, nbtstat, arp. ...
    (comp.security.firewalls)
  • Re: netstat makes a Firewall redundant?
    ... Netstat will show what's connected, but it won't prevent anything from ... connecting. ... If you want to close port 139, ... > BTW, can someone list useful commands e.g. netstat, nbtstat, arp. ...
    (comp.security.firewalls)
  • Re: Have I been compromised? chkrootkit: "Warning: Possible LKM Trojan installed" - nmap:
    ... assuming netstat wasn't one of the programs ... listed there for port 1313 correspond to the PIDs chkproc spit out. ... all your services while you upgrade all the software that needs upgrading. ... > Every week or so I'll run chkrootkit, mostly just because I feel I ...
    (comp.os.linux.security)