Which of these netstat connections should be banned on WinXP?

Discussion in 'Computer Security' started by Barbara Bailey, Mar 23, 2006.

  1. Which of these netstat connections should I ban on Windows XP?

    I thought I was protected on a home wireless network behind a d-link
    router. But coworkers said that with BitTorrent, even with avast and sygate
    running I should run the netstat ban command to find what to ban and then
    ban it.

    Running the netstat ban command gave me the output below.
    Can you help point me to the right connections to kill daily?

    I appreciate your help
    Barbara



    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.
    C:\Documents and Settings\babs> netstat -ban
    Active Connections
    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    [System]

    TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 2552
    [alg.exe]

    TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 2584
    [ashMaiSv.exe]

    TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 308
    [ashWebSv.exe]

    TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING 2584
    [ashMaiSv.exe]

    TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING 2584
    [ashMaiSv.exe]

    TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING 2584
    [ashMaiSv.exe]

    TCP 192.168.0.100:139 0.0.0.0:0 LISTENING 4
    [System]

    TCP 127.0.0.1:1996 127.0.0.1:12080 TIME_WAIT 0
    TCP 127.0.0.1:1998 127.0.0.1:12080 TIME_WAIT 0
    TCP 127.0.0.1:2000 127.0.0.1:12080 TIME_WAIT 0
    TCP 127.0.0.1:2003 127.0.0.1:12080 TIME_WAIT 0
    TCP 127.0.0.1:2005 127.0.0.1:12080 TIME_WAIT 0
    TCP 127.0.0.1:2007 127.0.0.1:12080 TIME_WAIT 0
    TCP 192.168.0.100:1975 70.86.5.131:80 TIME_WAIT 0
    TCP 192.168.0.100:1977 70.86.5.131:80 TIME_WAIT 0
    UDP 0.0.0.0:445 *:* 4
    [System]

    UDP 0.0.0.0:500 *:* 1004
    [lsass.exe]

    UDP 0.0.0.0:4693 *:* 1488
    [smc.exe]

    UDP 0.0.0.0:1025 *:* 1360
    [BTStackServer.exe]

    UDP 0.0.0.0:4500 *:* 1004
    [lsass.exe]

    UDP 127.0.0.1:1034 *:* 1488
    [smc.exe]

    UDP 127.0.0.1:1900 *:* 1736
    c:\windows\system32\WS2_32.dll
    c:\windows\system32\ssdpsrv.dll
    ntdll.dll
    C:\WINDOWS\system32\kernel32.dll
    [svchost.exe]

    UDP 127.0.0.1:123 *:* 1376
    c:\windows\system32\WS2_32.dll
    c:\windows\system32\w32time.dll
    ntdll.dll
    C:\WINDOWS\system32\kernel32.dll
    [svchost.exe]

    UDP 192.168.0.100:1900 *:* 1736
    c:\windows\system32\WS2_32.dll
    c:\windows\system32\ssdpsrv.dll
    ntdll.dll
    C:\WINDOWS\system32\kernel32.dll
    [svchost.exe]

    UDP 192.168.0.100:137 *:* 4
    [System]

    UDP 192.168.0.100:138 *:* 4
    [System]

    UDP 192.168.0.100:123 *:* 1376
    c:\windows\system32\WS2_32.dll
    c:\windows\system32\w32time.dll
    ntdll.dll
    C:\WINDOWS\system32\kernel32.dll
    [svchost.exe]

    C:\Documents and Settings\babs>
    Barbara Bailey, Mar 23, 2006
    #1
    1. Advertising

  2. Barbara Bailey

    donnie Guest

    On Thu, 23 Mar 2006 07:57:13 GMT, Barbara Bailey <>
    wrote:

    >Which of these netstat connections should I ban on Windows XP?

    #################################
    The only thing that could be a problem is port 139 as far as I can
    see.
    Just make sure that you don't have file and printer sharing enabled
    and I think you'll be ok.
    donnie, Mar 24, 2006
    #2
    1. Advertising

  3. From: "donnie" <>


    | The only thing that could be a problem is port 139 as far as I can
    | see.
    | Just make sure that you don't have file and printer sharing enabled
    | and I think you'll be ok.

    It looks like she has a Private Address; 192.168.0.100

    If this is a Router connected PC, that point is moot.

    BTW: This was also posted in alt.privacy.spyware

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Mar 24, 2006
    #3
  4. Barbara Bailey

    donnie Guest

    On Fri, 24 Mar 2006 02:52:13 GMT, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:

    >From: "donnie" <>
    >
    >
    >| The only thing that could be a problem is port 139 as far as I can
    >| see.
    >| Just make sure that you don't have file and printer sharing enabled
    >| and I think you'll be ok.
    >
    >It looks like she has a Private Address; 192.168.0.100
    >
    >If this is a Router connected PC, that point is moot.
    >
    >BTW: This was also posted in alt.privacy.spyware

    ####################################
    Yes, it was a private address because that was the local address
    'listening' on port 139, which is ok as long as file and print sharing
    isn't enabled.
    donnie, Mar 24, 2006
    #4
  5. From: "donnie" <>


    | ####################################
    | Yes, it was a private address because that was the local address
    | 'listening' on port 139, which is ok as long as file and print sharing
    | isn't enabled.

    Right. But if it is behind a NAT Router or a NAT Router with a FireWall implementation then
    having File & Print Services enabled is NOT a problem.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Mar 25, 2006
    #5
  6. Barbara Bailey

    donnie Guest

    On Sat, 25 Mar 2006 02:53:52 GMT, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:

    >From: "donnie" <>
    >
    >
    >| ####################################
    >| Yes, it was a private address because that was the local address
    >| 'listening' on port 139, which is ok as long as file and print sharing
    >| isn't enabled.
    >
    >Right. But if it is behind a NAT Router or a NAT Router with a FireWall implementation then
    >having File & Print Services enabled is NOT a problem.

    ############################################
    That's not true if there is a wireless router w/ DHCP and someone w/ a
    laptop parks outside your residence or office. I'm sure you have
    heard of war driving.
    donnie, Mar 26, 2006
    #6
  7. David H. Lipman, Mar 26, 2006
    #7
  8. Barbara Bailey

    Guest

    Barbara Bailey wrote:
    > Which of these netstat connections should I ban on Windows XP?

    <snip>> Running the netstat ban command gave me the output below.

    hilarious!

    netstat -ban
    is netstat -b -a -n

    it doesn't ban anything.

    try netstat -? to see what -b -a -n means


    > Can you help point me to the right connections to kill daily?
    > <snip>


    you kill processes, that's a way of killing a connection. you're prob
    alright.
    , Mar 27, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?V2FsbHk=?=

    Netstat command

    =?Utf-8?B?V2FsbHk=?=, Mar 25, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    734
  2. tokyosky

    netstat question

    tokyosky, Dec 28, 2005, in forum: Firefox
    Replies:
    13
    Views:
    3,728
    Adrian
    Dec 29, 2005
  3. Guest
    Replies:
    2
    Views:
    806
    treehugger
    Sep 28, 2004
  4. *  *  *   Y o u r  .  S h e p h e r d  .  A q u i

    dutch language should be banned!

    * * * Y o u r . S h e p h e r d . A q u i, Jun 28, 2005, in forum: Computer Support
    Replies:
    17
    Views:
    603
    dr. Bill
    Jun 28, 2005
  5. MrBigglesworth
    Replies:
    4
    Views:
    563
Loading...

Share This Page