Which of these netstat connections should be banned on WinXP?

Which of these netstat connections should be banned on WinXP?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Computer Software Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Which of these netstat connections should be banned on WinXP? Barbara Bailey 03-23-2006
Posted by Barbara Bailey on March 23, 2006, 2:57 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Which of these netstat connections should I ban on Windows XP?

I thought I was protected on a home wireless network behind a d-link
router. But coworkers said that with BitTorrent, even with avast and sygate
running I should run the netstat ban command to find what to ban and then
ban it.

Running the netstat ban command gave me the output below.
Can you help point me to the right connections to kill daily?

I appreciate your help
Barbara



Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\babs> netstat -ban
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 2552
[alg.exe]

TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 2584
[ashMaiSv.exe]

TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 308
[ashWebSv.exe]

TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING 2584
[ashMaiSv.exe]

TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING 2584
[ashMaiSv.exe]

TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING 2584
[ashMaiSv.exe]

TCP 192.168.0.100:139 0.0.0.0:0 LISTENING 4
[System]

TCP 127.0.0.1:1996 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:1998 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:2000 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:2003 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:2005 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:2007 127.0.0.1:12080 TIME_WAIT 0
TCP 192.168.0.100:1975 70.86.5.131:80 TIME_WAIT 0
TCP 192.168.0.100:1977 70.86.5.131:80 TIME_WAIT 0
UDP 0.0.0.0:445 *:* 4
[System]

UDP 0.0.0.0:500 *:* 1004
[lsass.exe]

UDP 0.0.0.0:4693 *:* 1488
[smc.exe]

UDP 0.0.0.0:1025 *:* 1360
[BTStackServer.exe]

UDP 0.0.0.0:4500 *:* 1004
[lsass.exe]

UDP 127.0.0.1:1034 *:* 1488
[smc.exe]

UDP 127.0.0.1:1900 *:* 1736
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:123 *:* 1376
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.0.100:1900 *:* 1736
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.0.100:137 *:* 4
[System]

UDP 192.168.0.100:138 *:* 4
[System]

UDP 192.168.0.100:123 *:* 1376
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

C:\Documents and Settings\babs>

Posted by donnie on March 23, 2006, 8:01 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
wrote:

>Which of these netstat connections should I ban on Windows XP?
#################################
The only thing that could be a problem is port 139 as far as I can
see.
Just make sure that you don't have file and printer sharing enabled
and I think you'll be ok.

Posted by David H. Lipman on March 23, 2006, 9:52 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


| The only thing that could be a problem is port 139 as far as I can
| see.
| Just make sure that you don't have file and printer sharing enabled
| and I think you'll be ok.

It looks like she has a Private Address; 192.168.0.100

If this is a Router connected PC, that point is moot.

BTW: This was also posted in alt.privacy.spyware

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by donnie on March 24, 2006, 3:40 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Fri, 24 Mar 2006 02:52:13 GMT, "David H. Lipman"

>
>
>| The only thing that could be a problem is port 139 as far as I can
>| see.
>| Just make sure that you don't have file and printer sharing enabled
>| and I think you'll be ok.
>
>It looks like she has a Private Address; 192.168.0.100
>
>If this is a Router connected PC, that point is moot.
>
>BTW: This was also posted in alt.privacy.spyware
####################################
Yes, it was a private address because that was the local address
'listening' on port 139, which is ok as long as file and print sharing
isn't enabled.

Posted by David H. Lipman on March 24, 2006, 9:53 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


| ####################################
| Yes, it was a private address because that was the local address
| 'listening' on port 139, which is ok as long as file and print sharing
| isn't enabled.

Right. But if it is behind a NAT Router or a NAT Router with a FireWall
implementation then
having File & Print Services enabled is NOT a problem.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Similar ThreadsPosted
security hole in winXP July 9, 2006, 8:48 pm
Can someone external reset my Autorun on a WinXP machine? January 12, 2006, 11:39 pm
netstat -a question July 19, 2005, 4:39 pm
http connections June 24, 2006, 3:55 pm
Re: Win2k Netstat sockets interpretation January 29, 2007, 6:20 am
Curious HTTP connections October 16, 2006, 1:31 pm
Turning off the "Ad hoc" option for OS X airport connections May 7, 2008, 10:18 am
Error 502: Concurrent Connections Limit in Avast! July 5, 2007, 12:14 pm
Banned URL October 26, 2005, 7:31 pm
BBC banned my IP July 19, 2008, 5:39 pm

The site map in XML format XML site map

Contact Us | Privacy Policy